Re: [PATCH 2/2] PM / Sleep: Check the file capability when writing wake lock interface

From: Greg Kroah-Hartman
Date: Sun Dec 30 2018 - 09:48:51 EST


On Sun, Dec 30, 2018 at 09:28:56PM +0800, Lee, Chun-Yi wrote:
> The wake lock/unlock sysfs interfaces check that the writer must have
> CAP_BLOCK_SUSPEND capability. But the checking logic can be bypassed
> by opening sysfs file within an unprivileged process and then writing
> the file within a privileged process. The tricking way has been exposed
> by Andy Lutomirski in CVE-2013-1959.

Don't you mean "open by privileged and then written by unprivileged?"
Or if not, exactly how is this a problem? You check the capabilities
when you do the write and if that is not allowed then, well

And you are checking the namespace of the person trying to do the write
when the write happens, which is correct here, right?

If you really want to mess with wake locks in a namespaced environment,
then put it in a real namespaced environment, which is {HUGE HINT} not
sysfs.

So no, this patch isn't ok...

thanks,

greg k-h