MIRRORS/linux-imx
1
0
Fork 0
mirror of https://github.com/nxp-imx/linux-imx.git synced 2025-07-19 07:39:54 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,226,840 Commits 163 Branches 4,301 Tags 3.5 GiB
C 97.6%
Assembly 1.1%
Shell 0.5%
Makefile 0.3%
Python 0.2%
d2a2a4714d
Go to file
Kees Cook d2a2a4714d exec: Fix ToCToU between perm check and set-uid/gid usage 
commit f50733b45d upstream.

When opening a file for exec via do_filp_open(), permission checking is
done against the file's metadata at that moment, and on success, a file
pointer is passed back. Much later in the execve() code path, the file
metadata (specifically mode, uid, and gid) is used to determine if/how
to set the uid and gid. However, those values may have changed since the
permissions check, meaning the execution may gain unintended privileges.

For example, if a file could change permissions from executable and not
set-id:

---------x 1 root root 16048 Aug  7 13:16 target

to set-id and non-executable:

---S------ 1 root root 16048 Aug  7 13:16 target

it is possible to gain root privileges when execution should have been
disallowed.

While this race condition is rare in real-world scenarios, it has been
observed (and proven exploitable) when package managers are updating
the setuid bits of installed programs. Such files start with being
world-executable but then are adjusted to be group-exec with a set-uid
bit. For example, "chmod o-x,u+s target" makes "target" executable only
by uid "root" and gid "cdrom", while also becoming setuid-root:

-rwxr-xr-x 1 root cdrom 16048 Aug  7 13:16 target

becomes:

-rwsr-xr-- 1 root cdrom 16048 Aug  7 13:16 target

But racing the chmod means users without group "cdrom" membership can
get the permission to execute "target" just before the chmod, and when
the chmod finishes, the exec reaches brpm_fill_uid(), and performs the
setuid to root, violating the expressed authorization of "only cdrom
group members can setuid to root".

Re-check that we still have execute permissions in case the metadata
has changed. It would be better to keep a copy from the perm-check time,
but until we can do that refactoring, the least-bad option is to do a
full inode_permission() call (under inode lock). It is understood that
this is safe against dead-locks, but hardly optimal.

Reported-by: Marco Vanotti <mvanotti@google.com>
Tested-by: Marco Vanotti <mvanotti@google.com>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: stable@vger.kernel.org
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Christian Brauner <brauner@kernel.org>
Signed-off-by: Kees Cook <kees@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-19 06:04:22 +02:00
arch x86/mtrr: Check if fixed MTRRs exist before saving them 2024-08-14 13:59:00 +02:00
block block: fix deadlock between sd_remove & sd_release 2024-08-03 08:54:24 +02:00
certs certs: Reference revocation list for all keyrings 2023-08-17 20:12:41 +00:00
crypto crypto: aead,cipher - zeroize key buffer after use 2024-07-11 12:49:04 +02:00
Documentation smb3: fix setting SecurityFlags when encryption is required 2024-08-14 13:58:59 +02:00
drivers nouveau: set placement to original placement on uvmm validate. 2024-08-14 13:59:03 +02:00
fs exec: Fix ToCToU between perm check and set-uid/gid usage 2024-08-19 06:04:22 +02:00
include ipv6: fix source address selection with route leak 2024-08-14 13:59:03 +02:00
init rust: SHADOW_CALL_STACK is incompatible with Rust 2024-08-11 12:47:24 +02:00
io_uring io_uring: fix io_match_task must_hold 2024-08-03 08:54:41 +02:00
ipc sysctl: treewide: drop unused argument ctl_table_root::set_ownership(table) 2024-08-11 12:47:13 +02:00
kernel sched/core: Fix unbalance set_rq_online/offline() in sched_cpu_deactivate() 2024-08-14 13:59:00 +02:00
lib lib/build_OID_registry: don't mention the full path of the script in output 2024-08-03 08:54:32 +02:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm mm/hugetlb: fix potential race in __update_and_free_hugetlb_folio() 2024-08-14 13:59:03 +02:00
net mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set 2024-08-14 13:59:04 +02:00
rust rust: kernel: require Send for Module implementations 2024-05-17 12:01:56 +02:00
samples work around gcc bugs with 'asm goto' with outputs 2024-02-23 09:24:47 +01:00
scripts kbuild: avoid build error when single DTB is turned into composite DTB 2024-08-03 08:54:36 +02:00
security apparmor: Fix null pointer deref when receiving skb during sock creation 2024-08-03 08:54:38 +02:00
sound ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop 16-n0xxx 2024-08-14 13:58:57 +02:00
tools Revert "selftests: mptcp: simult flows: mark 'unbalanced' tests as flaky" 2024-08-14 13:59:04 +02:00
usr initramfs: Encode dependency on KBUILD_BUILD_TIMESTAMP 2023-06-06 17:54:49 +09:00
virt KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() 2024-06-27 13:49:11 +02:00
.clang-format iommu: Add for_each_group_device() 2023-05-23 08:15:51 +02:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore kbuild: rpm-pkg: rename binkernel.spec to kernel.spec 2023-07-25 00:59:33 +09:00
.mailmap 20 hotfixes. 12 are cc:stable and the remainder address post-6.5 issues 2023-10-24 09:52:16 -10:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING
CREDITS USB: Remove Wireless USB and UWB documentation 2023-08-09 14:17:32 +02:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig
MAINTAINERS pwm: Rename pwm_apply_state() to pwm_apply_might_sleep() 2024-06-12 11:12:24 +02:00
Makefile Linux 6.6.46 2024-08-14 13:59:04 +02:00
README

README

Linux kernel

There are several guides for kernel developers and users. These guides can be rendered in a number of formats, like HTML and PDF. Please read Documentation/admin-guide/README.rst first.

In order to build the documentation, use make htmldocs or make pdfdocs. The formatted documentation can also be read online at:

https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory, several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the requirements for building and running the kernel, and information about the problems which may result by upgrading your kernel.