On Wed, Jun 23, 2010 at 07:28:59PM -0500, Serge E. Hallyn wrote:
> > +==============================================================
> > diff --git a/fs/exec.c b/fs/exec.c
> > index e19de6a..85092e3 100644
> > --- a/fs/exec.c
> > +++ b/fs/exec.c
> > @@ -55,6 +55,7 @@
> > #include <linux/fsnotify.h>
> > #include <linux/fs_struct.h>
> > #include <linux/pipe_fs_i.h>
> > +#include <linux/ctype.h>
> >
> > #include <asm/uaccess.h>
> > #include <asm/mmu_context.h>
>
> Can you explain the fs/exec.c hunk?
Argh. This is a mis-rebase when I was working on the get_task_comm patch.
This belongs there. I will resend both.
> > + while (walker->pid > 0) {
> > + if (walker == current)
> > + break;
> > + walker = walker->real_parent;
> > + }
> > + if (walker->pid == 0)
> > + rc = -EPERM;
>
> Don't recall whether I ended up sending the email addressing this
> last time, but task->pid is the global pid, so pid==0 does mean
> what you think it does regardless of pid namespaces.
Okay, good, thanks.
> > + /* owner and follower match? */
> > + cred = current_cred();
> > + inode = dentry->d_inode;
> > + if (cred->fsuid == inode->i_uid)
> > + return 0;
>
> This'll need user-namespace luvin' at some point, but that's my problem,
> not yours.
That's going to be quite a patch. :) I'm looking forward to it!
-Kees
--
Kees Cook
Ubuntu Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
