Re: [PATCH] psi: allow unprivileged users with CAP_SYS_RESOURCE to write psi files
From: Josh Hunt
Date: Thu Apr 01 2021 - 15:24:19 EST
On 4/1/21 10:47 AM, Eric W. Biederman wrote:
Kees Cook <keescook@xxxxxxxxxxxx> writes:
On Wed, Mar 31, 2021 at 11:36:28PM -0500, Eric W. Biederman wrote:
Josh Hunt <johunt@xxxxxxxxxx> writes:
Currently only root can write files under /proc/pressure. Relax this to
allow tasks running as unprivileged users with CAP_SYS_RESOURCE to be
able to write to these files.
The test for CAP_SYS_RESOURCE really needs to be in open rather
than in write.
Otherwise a suid root executable could have stdout redirected
into these files.
Right. Or check against f_cred. (See uses of kallsyms_show_value())
https://urldefense.com/v3/__https://www.kernel.org/doc/html/latest/security/credentials.html*open-file-credentials__;Iw!!GjvTz_vk!B_aeVyHMG20VNUGx001EFKpeYlahLQHye7oS8sokXuZOhVDTtF_deDl71a_KYA$
We really want to limit checking against f_cred to those cases where we
break userspace by checking in open. AKA the cases where we made the
mistake of putting the permission check in the wrong place and now can't
fix it.
Since this change is change the permissions that open uses already I
don't see any reason we can't perform a proper check in open.
Eric
Thank you for the feedback. I will spin a v2 doing the check in open.
Josh