diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2013-03-15 08:03:33 (GMT) |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2013-04-05 16:26:01 (GMT) |
| commit | 882dc231e68ddd6ecc94fdb094c104b1ebe538c7 (patch) | |
| tree | 4be283b4d170e5a48bcf2a6d3c9e26fa4a9868cb /net/core | |
| parent | 366c19c14bfdc64a66f4eb5010fcdbb6a6a9746c (diff) | |
| download | linux-fsl-qoriq-882dc231e68ddd6ecc94fdb094c104b1ebe538c7.tar.xz | |
scm: Require CAP_SYS_ADMIN over the current pidns to spoof pids.
commit 92f28d973cce45ef5823209aab3138eb45d8b349 upstream.
Don't allow spoofing pids over unix domain sockets in the corner
cases where a user has created a user namespace but has not yet
created a pid namespace.
Reported-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/core')
| -rw-r--r-- | net/core/scm.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/core/scm.c b/net/core/scm.c index 905dcc6..2dc6cda 100644 --- a/net/core/scm.c +++ b/net/core/scm.c @@ -24,6 +24,7 @@ #include <linux/interrupt.h> #include <linux/netdevice.h> #include <linux/security.h> +#include <linux/pid_namespace.h> #include <linux/pid.h> #include <linux/nsproxy.h> #include <linux/slab.h> @@ -52,7 +53,8 @@ static __inline__ int scm_check_creds(struct ucred *creds) if (!uid_valid(uid) || !gid_valid(gid)) return -EINVAL; - if ((creds->pid == task_tgid_vnr(current) || nsown_capable(CAP_SYS_ADMIN)) && + if ((creds->pid == task_tgid_vnr(current) || + ns_capable(current->nsproxy->pid_ns->user_ns, CAP_SYS_ADMIN)) && ((uid_eq(uid, cred->uid) || uid_eq(uid, cred->euid) || uid_eq(uid, cred->suid)) || nsown_capable(CAP_SETUID)) && ((gid_eq(gid, cred->gid) || gid_eq(gid, cred->egid) || |