Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-11 14:42:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
30aba6656f
linux/include
History
Salvatore Mesoraca 30aba6656f namei: allow restricted O_CREAT of FIFOs and regular files 
Disallows open of FIFOs or regular files not owned by the user in world
writable sticky directories, unless the owner is the same as that of the
directory or the file is opened without the O_CREAT flag.  The purpose
is to make data spoofing attacks harder.  This protection can be turned
on and off separately for FIFOs and regular files via sysctl, just like
the symlinks/hardlinks protection.  This patch is based on Openwall's
"HARDEN_FIFO" feature by Solar Designer.

This is a brief list of old vulnerabilities that could have been prevented
by this feature, some of them even allow for privilege escalation:

CVE-2000-1134
CVE-2007-3852
CVE-2008-0525
CVE-2009-0416
CVE-2011-4834
CVE-2015-1838
CVE-2015-7442
CVE-2016-7489

This list is not meant to be complete.  It's difficult to track down all
vulnerabilities of this kind because they were often reported without any
mention of this particular attack vector.  In fact, before
hardlinks/symlinks restrictions, fifos/regular files weren't the favorite
vehicle to exploit them.

[s.mesoraca16@gmail.com: fix bug reported by Dan Carpenter]
  Link: https://lkml.kernel.org/r/20180426081456.GA7060@mwanda
  Link: http://lkml.kernel.org/r/1524829819-11275-1-git-send-email-s.mesoraca16@gmail.com
[keescook@chromium.org: drop pr_warn_ratelimited() in favor of audit changes in the future]
[keescook@chromium.org: adjust commit subjet]
Link: http://lkml.kernel.org/r/20180416175918.GA13494@beast
Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Suggested-by: Solar Designer <solar@openwall.com>
Suggested-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-08-23 18:48:43 -07:00
..
acpi ACPICA: Update version to 20180810 2018-08-14 23:49:13 +02:00
asm-generic module: use relative references for __ksymtab entries 2018-08-22 10:52:47 -07:00
clocksource
crypto crypto: scatterwalk - remove scatterwalk_samebuf() 2018-08-03 18:06:04 +08:00
drm drm pull for 4.19-rc1 2018-08-15 17:39:07 -07:00
dt-bindings Staging/IIO patches for 4.19-rc1 2018-08-18 11:00:00 -07:00
keys
kvm KVM: arm/arm64: vgic-v3: Add core support for Group0 SGIs 2018-08-12 12:06:34 +01:00
linux namei: allow restricted O_CREAT of FIFOs and regular files 2018-08-23 18:48:43 -07:00
math-emu
media - New Drivers 2018-08-20 15:38:44 -07:00
memory
misc
net Merge branch 'siginfo-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2018-08-21 13:47:29 -07:00
pcmcia pcmcia: remove long deprecated pcmcia_request_exclusive_irq() function 2018-08-18 12:30:42 -07:00
ras
rdma mm, oom: distinguish blockable mode for mmu notifiers 2018-08-22 10:52:44 -07:00
scsi SCSI misc on 20180815 2018-08-15 22:06:26 -07:00
soc
sound ASoC: Updates for v4.19 2018-08-13 12:12:31 +02:00
target scsi: target: add session removal function 2018-08-02 15:29:31 -04:00
trace Updates for v4.19: 2018-08-20 18:32:00 -07:00
uapi ARM: Support for Group0 interrupts in guests, Cache management 2018-08-22 13:52:44 -07:00
video
xen Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2018-08-18 16:48:07 -07:00