[PATCH v5 5/6] prctl: Allow checkpoint/restore capable processes to change exe link
Adrian Reber
areber at redhat.com
Wed Jul 15 14:49:53 UTC 2020
From: Nicolas Viennot <Nicolas.Viennot at twosigma.com>
Allow CAP_CHECKPOINT_RESTORE capable users to change /proc/self/exe.
This commit also changes the permission error code from -EINVAL to
-EPERM for consistency with the rest of the prctl() syscall when
checking capabilities.
Signed-off-by: Nicolas Viennot <Nicolas.Viennot at twosigma.com>
Signed-off-by: Adrian Reber <areber at redhat.com>
---
kernel/sys.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/kernel/sys.c b/kernel/sys.c
index 00a96746e28a..dd59b9142b1d 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -2007,12 +2007,14 @@ static int prctl_set_mm_map(int opt, const void __user *addr, unsigned long data
if (prctl_map.exe_fd != (u32)-1) {
/*
- * Make sure the caller has the rights to
- * change /proc/pid/exe link: only local sys admin should
- * be allowed to.
+ * Check if the current user is checkpoint/restore capable.
+ * At the time of this writing, it checks for CAP_SYS_ADMIN
+ * or CAP_CHECKPOINT_RESTORE.
+ * Note that a user with access to ptrace can masquerade an
+ * arbitrary program as any executable, even setuid ones.
*/
- if (!ns_capable(current_user_ns(), CAP_SYS_ADMIN))
- return -EINVAL;
+ if (!checkpoint_restore_ns_capable(current_user_ns()))
+ return -EPERM;
error = prctl_set_mm_exe_file(mm, prctl_map.exe_fd);
if (error)
--
2.26.2
More information about the Linux-security-module-archive
mailing list