[PATCH v2] exec: Correct the permission check for unsafe exec
Kees Cook
kees at kernel.org
Tue May 20 22:35:03 UTC 2025
On Tue, May 20, 2025 at 05:13:03PM -0500, Eric W. Biederman wrote:
> Max Kellerman recently experienced a problem[1] when calling exec with
> differing uid and euid's and he triggered the logic that is supposed
> to only handle setuid executables.
Max, can you verify this patch solves your use case?
> [...]
> To minimize behavioural changes the code continues to set secureexec
> when euid != uid or when egid != gid.
> [...]
> @@ -993,7 +987,9 @@ int cap_bprm_creds_from_file(struct linux_binprm *bprm, const struct file *file)
> return -EPERM;
>
> /* Check for privilege-elevated exec. */
> - if (is_setid ||
> + if (id_changed ||
> + !uid_eq(new->euid, old->uid) ||
> + !gid_eq(new->egid, old->gid) ||
> (!__is_real(root_uid, new) &&
> (effective ||
> __cap_grew(permitted, ambient, new))))
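Review bot: the comment "Check for privilege-elevated exec." above this condition no longer describes everything the condition tests. Per the commit message, the two added comparisons, !uid_eq(new->euid, old->uid) and !gid_eq(new->egid, old->gid), are there to keep setting secureexec when euid != uid or egid != gid, which can hold even when this exec changed no ids. A short comment on those two lines saying they are kept to preserve existing behaviour would stop a later cleanup from folding them into id_changed. They also compare the new effective ids against the old real ids, while the neighbouring __is_real(root_uid, new) looks only at new; either compare against new->uid and new->gid or note why old is used, so the condition reads consistently.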
Great! Thanks for the secureexec tweak here. Jann, does this look
reasonable to you?
-Kees
--
Kees Cook