The kernel has some dangerous behavior involving the creation and modification of setgid executables. These issues aren't kernel security bugs per se, but they have been used to turn various filesystem permission oddities into reliably privilege escalation exploits. See http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/ for a nice writeup. Let's fix them for real. Andy Lutomirski (2): fs: Check f_cred instead of current's creds in should_remove_suid() fs: Harden against open(..., O_CREAT, 02777) in a setgid directory fs/inode.c | 37 ++++++++++++++++++++++++++++++------- fs/internal.h | 2 +- fs/ocfs2/file.c | 4 ++-- fs/open.c | 2 +- include/linux/fs.h | 2 +- 5 files changed, 35 insertions(+), 12 deletions(-) -- 2.9.3 -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>
