• Eric W. Biederman's avatar
    net: Update the sysctl permissions handler to test effective uid/gid · 88ba09df
    Eric W. Biederman authored
    On Tue, 20 Aug 2013 11:40:04 -0500 Eric Sandeen <sandeen@redhat.com> wrote:
    > This was brought up in a Red Hat bug (which may be marked private, I'm sorry):
    >
    > Bug 987055 - open O_WRONLY succeeds on some root owned files in /proc for process running with unprivileged EUID
    >
    > "On RHEL7 some of the files in /proc can be opened for writing by an unprivileged EUID."
    >
    > The flaw existed upstream as well last I checked.
    >
    > This commit in kernel v3.8 caused the regression:
    >
    > commit cff10976
    > Author: Eric W. Biederman <ebiederm@xmission.com>
    > Date:   Fri Nov 16 03:03:01 2012 +0000
    >
    >     net: Update the per network namespace sysctls to be available to the network namespace owner
    >
    >     - Allow anyone with CAP_NET_ADMIN rights in the user namespace of the
    >       the netowrk namespace to change sysctls.
    >     - Allow anyone the uid of the user namespace root the same
    >       permissions over the network namespace sysctls as the global root.
    >     - Allow anyone with gid of the user namespace root group the same
    >       permissions over the network namespace sysctl as the global root group.
    >
    >     Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
    >     Signed-off-by: David S. Miller <davem@davemloft.net>
    >
    > because it changed /sys/net's special permission handler to test current_uid, not
    > current_euid; same for current_gid/current_egid.
    >
    > So in this case, root cannot drop privs via set[ug]id, and retains all privs
    > in this codepath.
    
    Modify the code to use current_euid(), and in_egroup_p, as in done
    in fs/proc/proc_sysctl.c:test_perm()
    
    Cc: stable@vger.kernel.org
    Reviewed-by: default avatarEric Sandeen <sandeen@redhat.com>
    Reported-by: default avatarEric Sandeen <sandeen@redhat.com>
    Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    88ba09df
sysctl_net.c 2.79 KB