RE: [RFC PATCH 0/1] security: add SECURE_KEEP_FSUID to preserve fsuid/fsgid across execve

From: Lubashev, Igor
Date: Tue Jul 02 2019 - 20:59:25 EST

Next message: Dan Williams: "Re: dev_pagemap related cleanups v4"
Previous message: Shakeel Butt: "Re: [PATCH v3] mm/z3fold.c: Lock z3fold page before __SetPageMovable()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> From: James Morris <jmorris@xxxxxxxxx> on Friday, June 14, 2019 11:54 PM:
> On Sat, 15 Jun 2019, Lubashev, Igor wrote:
>
> > Unfortunately, perf is using uid==0 and euid==0 as a "capability bits".
> >
> >
> > In tools/perf/util/evsel.c:
> > static bool perf_event_can_profile_kernel(void)
> > {
> > return geteuid() == 0 || perf_event_paranoid() == -1;
> > }
> >
> > In tools/perf/util/symbol.c:
> > static bool symbol__read_kptr_restrict(void)
> > {
> > ...
> > value = ((geteuid() != 0) || (getuid() != 0)) ?
> > (atoi(line) != 0) :
> > (atoi(line) == 2);
> > ...
> > }
>
> These are bugs. They should be checking for CAP_SYS_ADMIN.

Thanks for the suggestion.

Actually, the former one should be checking CAP_SYS_ADMIN, while the latter -- CAP_SYSLOG (see lib/vsprintf.c).

Just posted a patch to perf (http://lists.infradead.org/pipermail/linux-arm-kernel/2019-July/664552.html).

Thank you,

- Igor

Next message: Dan Williams: "Re: dev_pagemap related cleanups v4"
Previous message: Shakeel Butt: "Re: [PATCH v3] mm/z3fold.c: Lock z3fold page before __SetPageMovable()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]