Re: [PATCH] psi: allow unprivileged users with CAP_SYS_RESOURCE to write psi files
From: Eric W. Biederman
Date: Thu Apr 01 2021 - 14:03:06 EST
Kees Cook <keescook@xxxxxxxxxxxx> writes:
> On Wed, Mar 31, 2021 at 11:36:28PM -0500, Eric W. Biederman wrote:
>> Josh Hunt <johunt@xxxxxxxxxx> writes:
>>
>> > Currently only root can write files under /proc/pressure. Relax this to
>> > allow tasks running as unprivileged users with CAP_SYS_RESOURCE to be
>> > able to write to these files.
>>
>> The test for CAP_SYS_RESOURCE really needs to be in open rather
>> than in write.
>>
>> Otherwise a suid root executable could have stdout redirected
>> into these files.
>
> Right. Or check against f_cred. (See uses of kallsyms_show_value())
> https://www.kernel.org/doc/html/latest/security/credentials.html#open-file-credentials
We really want to limit checking against f_cred to those cases where we
break userspace by checking in open. AKA the cases where we made the
mistake of putting the permission check in the wrong place and now can't
fix it.
Since this change is change the permissions that open uses already I
don't see any reason we can't perform a proper check in open.
Eric