Date: Fri, 4 Oct 2013 10:05:38 +0100 From: Djalal Harouni <tixxdz@...ndz.org> To: Ingo Molnar <mingo@...nel.org> Cc: Kees Cook <keescook@...omium.org>, Andy Lutomirski <luto@...capital.net>, "Eric W. Biederman" <ebiederm@...ssion.com>, Al Viro <viro@...iv.linux.org.uk>, Andrew Morton <akpm@...ux-foundation.org>, Linus Torvalds <torvalds@...ux-foundation.org>, "Serge E. Hallyn" <serge.hallyn@...ntu.com>, Cyrill Gorcunov <gorcunov@...nvz.org>, David Rientjes <rientjes@...gle.com>, LKML <linux-kernel@...r.kernel.org>, Linux FS Devel <linux-fsdevel@...r.kernel.org>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, Djalal Harouni <tixxdz@...il.com> Subject: Re: [PATCH v2 0/9] procfs: protect /proc/<pid>/* files with file->f_cred On Thu, Oct 03, 2013 at 08:12:44AM +0200, Ingo Molnar wrote: > So please first get consensus on this fundamental design question before > spreading your solution to more areas. Check file_ns_capable() added in commit 935d8aabd4331 by Linus Add file_ns_capable() helper function for open-time capability checking commit 6708075f104c3c9b0 by Eric, userns: Don't let unprivileged users trick privileged users into setting the id_map So they add file_ns_capable() to inspect file->f_cred during ->write() The difference between the function I've added proc_allow_access() and file_ns_capable() is that proc_allow_access() will check if it's absolutely the same user, otherwise fallback to security_capable() which is the heart of file_ns_capable() So it's already been done and proposed! this is an easy solution to detect if current's cred have changed. > Thanks, > > Ingo -- Djalal Harouni http://opendz.org
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.