On Wed, Feb 28, 2018 at 1:22 AM, Salvatore Mesoraca <s.mesoraca16@xxxxxxxxx> wrote:
> 2018-02-27 21:22 GMT+01:00 Kees Cook <keescook@xxxxxxxxxxxx>:
>> On Tue, Feb 27, 2018 at 11:47 AM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>>> On Tue, Feb 27, 2018 at 3:00 AM, Salvatore Mesoraca
>>> <s.mesoraca16@xxxxxxxxx> wrote:
>>>> Disallows open of FIFOs or regular files not owned by the user in world
>>>> writable sticky directories, unless the owner is the same as that of
>>>> the directory or the file is opened without the O_CREAT flag.
>>>> The purpose is to make data spoofing attacks harder.
>>>> This protection can be turned on and off separately for FIFOs and regular
>>>> files via sysctl, just like the symlinks/hardlinks protection.
>>>> This patch is based on Openwall's "HARDEN_FIFO" feature by Solar
>>>> Designer.
>>>>
>>>> This is a brief list of old vulnerabilities that could have been prevented
>>>> by this feature, some of them even allow for privilege escalation:
>>>> CVE-2000-1134
>>>> CVE-2007-3852
>>>> CVE-2008-0525
>>>> CVE-2009-0416
>>>> CVE-2011-4834
>>>> CVE-2015-1838
>>>> CVE-2015-7442
>>>> CVE-2016-7489
>>>>
>>>> This list is not meant to be complete. It's difficult to track down
>>>> all vulnerabilities of this kind because they were often reported
>>>> without any mention of this particular attack vector.
>>>> In fact, before hardlinks/symlinks restrictions, fifos/regular
>>>> files weren't the favorite vehicle to exploit them.
>>>>
>>>> Suggested-by: Solar Designer <solar@xxxxxxxxxxxx>
>>>> Suggested-by: Kees Cook <keescook@xxxxxxxxxxxx>
>>>> Signed-off-by: Salvatore Mesoraca <s.mesoraca16@xxxxxxxxx>
>>>> [...]
>>>
>>> I think this looks great.
>>>
>>> Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>
>>
>> Tested-by: Kees Cook <keescook@xxxxxxxxxxxx>
>
> Awesome! Thank you very much for your help!
Salvatore, do you want to send this again as a v5 with my two follow-up
patches, as I have them here:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=kspp/userspace/protected-creat
or would you like me to send those?

I would expect this series to land via the -mm tree, since that tends to be
the catch-all. (In which case, the series should be To: akpm with everyone
else in Cc.)

-Kees

-- 
Kees Cook
Pixel Security