Re: [PATCH v3a] vsprintf: Check real user/group id for %pK

2013-10-14 Thread Ryan Mallon
On 14/10/13 21:17, Djalal Harouni wrote: > On Fri, Oct 11, 2013 at 02:19:14PM +1100, Ryan Mallon wrote: >> On 11/10/13 13:20, Eric W. Biederman wrote: >>> Joe Perches writes: >>> Some setuid binaries will allow reading of files which have read permission by the real user id. This is pro

Re: [PATCH v3a] vsprintf: Check real user/group id for %pK

2013-10-14 Thread Djalal Harouni
On Mon, Oct 14, 2013 at 11:17:06AM +0100, Djalal Harouni wrote: > On Fri, Oct 11, 2013 at 02:19:14PM +1100, Ryan Mallon wrote: > > On 11/10/13 13:20, Eric W. Biederman wrote: > > > Joe Perches writes: > > > > > >> Some setuid binaries will allow reading of files which have read > > >> permission

Re: [PATCH v3a] vsprintf: Check real user/group id for %pK

2013-10-14 Thread Djalal Harouni
On Fri, Oct 11, 2013 at 02:19:14PM +1100, Ryan Mallon wrote: > On 11/10/13 13:20, Eric W. Biederman wrote: > > Joe Perches writes: > > > >> Some setuid binaries will allow reading of files which have read > >> permission by the real user id. This is problematic with files which > >> use %pK becau

Re: [PATCH v3a] vsprintf: Check real user/group id for %pK

2013-10-14 Thread Ryan Mallon
On 12/10/13 09:37, Eric W. Biederman wrote: > Ryan Mallon writes: > >> The only remaining problem is kernel/module.c:module_sect_show() which >> is used to write the sysfs files in /sys/module//sections/. >> Those files are actually a really good target for leaking %pK values >> via setuid bin

Re: [PATCH v3a] vsprintf: Check real user/group id for %pK

2013-10-11 Thread Eric W. Biederman
Ryan Mallon writes: > The only remaining problem is kernel/module.c:module_sect_show() which > is used to write the sysfs files in /sys/module//sections/. > Those files are actually a really good target for leaking %pK values > via setuid binaries. The problem is that the module_sect_show() fun

Re: [PATCH v3a] vsprintf: Check real user/group id for %pK

2013-10-11 Thread Ryan Mallon
On 11/10/13 15:42, George Spelvin wrote: > ebied...@xmission.com (Eric W. Biederman) wrote: >> Sigh. This is all wrong. The only correct thing to test is >> file->f_cred. Aka the capabilities of the program that opened the >> file. >> >> Which means that the interface to %pK in the case of kptr

Re: [PATCH v3a] vsprintf: Check real user/group id for %pK

2013-10-10 Thread Joe Perches
On Fri, 2013-10-11 at 16:19 +1100, Ryan Mallon wrote: > Yeah, that is probably the best solution. I'll try to put together a > patch series doing this. It will obviously be more involved though, so I > think it is still worth merging the original patch in the interim. I just submitted a patch neate

Re: [PATCH v3a] vsprintf: Check real user/group id for %pK

2013-10-10 Thread Ryan Mallon
On 11/10/13 15:42, George Spelvin wrote: > ebied...@xmission.com (Eric W. Biederman) wrote: >> Sigh. This is all wrong. The only correct thing to test is >> file->f_cred. Aka the capabilities of the program that opened the >> file. >> >> Which means that the interface to %pK in the case of kptr_

Re: [PATCH v3a] vsprintf: Check real user/group id for %pK

2013-10-10 Thread George Spelvin
ebied...@xmission.com (Eric W. Biederman) wrote: > Sigh. This is all wrong. The only correct thing to test is > file->f_cred. Aka the capabilities of the program that opened the > file. > > Which means that the interface to %pK in the case of kptr_restrict is > broken as it has no way to be pas

Re: [PATCH v3a] vsprintf: Check real user/group id for %pK

2013-10-10 Thread Eric W. Biederman
Ryan Mallon writes: > On 11/10/13 13:20, Eric W. Biederman wrote: >> Joe Perches writes: >> >>> Some setuid binaries will allow reading of files which have read >>> permission by the real user id. This is problematic with files which >>> use %pK because the file access permission is checked at

Re: [PATCH v3a] vsprintf: Check real user/group id for %pK

2013-10-10 Thread Ryan Mallon
On 11/10/13 13:20, Eric W. Biederman wrote: > Joe Perches writes: > >> Some setuid binaries will allow reading of files which have read >> permission by the real user id. This is problematic with files which >> use %pK because the file access permission is checked at open() time, >> but the kptr_

Re: [PATCH v3a] vsprintf: Check real user/group id for %pK

2013-10-10 Thread Eric W. Biederman
Joe Perches writes: > Some setuid binaries will allow reading of files which have read > permission by the real user id. This is problematic with files which > use %pK because the file access permission is checked at open() time, > but the kptr_restrict setting is checked at read() time. If a set

Re: [PATCH v3a] vsprintf: Check real user/group id for %pK

2013-10-09 Thread Joe Perches
On Thu, 2013-10-10 at 10:18 +1100, Ryan Mallon wrote: > On 10/10/13 10:09, Joe Perches wrote: > > Do the in_irq tests only when kptr_restrict is 1. > > Document the %pK mechanism in vsnprintf > > Add missing documentation for %pV and %pNF too > > I really did mean post a follow-up/separate patch,

Re: [PATCH v3a] vsprintf: Check real user/group id for %pK

2013-10-09 Thread Ryan Mallon
On 10/10/13 10:09, Joe Perches wrote: > Changes in V3a: > > Do the in_irq tests only when kptr_restrict is 1. > Document the %pK mechanism in vsnprintf > Add missing documentation for %pV and %pNF too I really did mean post a follow-up/separate patch, not a different version of mine. The missing

[PATCH v3a] vsprintf: Check real user/group id for %pK

2013-10-09 Thread Joe Perches
Some setuid binaries will allow reading of files which have read permission by the real user id. This is problematic with files which use %pK because the file access permission is checked at open() time, but the kptr_restrict setting is checked at read() time. If a setuid binary opens a %pK file as