From a961324af1f5b5484efa60f5cf7072de5cbda69d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Salva=20Peir=C3=B3?= Date: Wed, 25 Nov 2015 14:03:50 +0100 Subject: [PATCH] cred: Prevent commit_creds() user-space abuse MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Salva Peiró --- kernel/cred.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/kernel/cred.c b/kernel/cred.c index 71179a0..7191db3 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -428,6 +428,13 @@ int commit_creds(struct cred *new) atomic_read(&new->usage), read_cred_subscribers(new)); + /* block attempts to use commit_creds from user space */ + if (__builtin_return_address(0) < PAGE_OFFSET) { + printk(KERN_ERR "CRED: BUG commit_creds called from user-space\n"); + WARN_ON(1); + return -1; + } + BUG_ON(task->cred != old); #ifdef CONFIG_DEBUG_CREDENTIALS BUG_ON(read_cred_subscribers(old) < 2); -- 2.1.4