Patch "groups: Consolidate the setgroups permission checks" has been added to the 3.10-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    groups: Consolidate the setgroups permission checks

to the 3.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     groups-consolidate-the-setgroups-permission-checks.patch
and it can be found in the queue-3.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 7ff4d90b4c24a03666f296c3d4878cd39001e81e Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Date: Fri, 5 Dec 2014 17:19:27 -0600
Subject: groups: Consolidate the setgroups permission checks

From: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>

commit 7ff4d90b4c24a03666f296c3d4878cd39001e81e upstream.

Today there are 3 instances of setgroups and due to an oversight their
permission checking has diverged.  Add a common function so that
they may all share the same permission checking code.

This corrects the current oversight in the current permission checks
and adds a helper to avoid this in the future.

A user namespace security fix will update this new helper, shortly.

Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 arch/s390/kernel/compat_linux.c |    2 +-
 include/linux/cred.h            |    1 +
 kernel/groups.c                 |    9 ++++++++-
 kernel/uid16.c                  |    2 +-
 4 files changed, 11 insertions(+), 3 deletions(-)

--- a/arch/s390/kernel/compat_linux.c
+++ b/arch/s390/kernel/compat_linux.c
@@ -248,7 +248,7 @@ asmlinkage long sys32_setgroups16(int gi
 	struct group_info *group_info;
 	int retval;
 
-	if (!capable(CAP_SETGID))
+	if (!may_setgroups())
 		return -EPERM;
 	if ((unsigned)gidsetsize > NGROUPS_MAX)
 		return -EINVAL;
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -68,6 +68,7 @@ extern void groups_free(struct group_inf
 extern int set_current_groups(struct group_info *);
 extern int set_groups(struct cred *, struct group_info *);
 extern int groups_search(const struct group_info *, kgid_t);
+extern bool may_setgroups(void);
 
 /* access the groups "array" with this macro */
 #define GROUP_AT(gi, i) \
--- a/kernel/groups.c
+++ b/kernel/groups.c
@@ -223,6 +223,13 @@ out:
 	return i;
 }
 
+bool may_setgroups(void)
+{
+	struct user_namespace *user_ns = current_user_ns();
+
+	return ns_capable(user_ns, CAP_SETGID);
+}
+
 /*
  *	SMP: Our groups are copy-on-write. We can set them safely
  *	without another task interfering.
@@ -233,7 +240,7 @@ SYSCALL_DEFINE2(setgroups, int, gidsetsi
 	struct group_info *group_info;
 	int retval;
 
-	if (!nsown_capable(CAP_SETGID))
+	if (!may_setgroups())
 		return -EPERM;
 	if ((unsigned)gidsetsize > NGROUPS_MAX)
 		return -EINVAL;
--- a/kernel/uid16.c
+++ b/kernel/uid16.c
@@ -176,7 +176,7 @@ SYSCALL_DEFINE2(setgroups16, int, gidset
 	struct group_info *group_info;
 	int retval;
 
-	if (!nsown_capable(CAP_SETGID))
+	if (!may_setgroups())
 		return -EPERM;
 	if ((unsigned)gidsetsize > NGROUPS_MAX)
 		return -EINVAL;


Patches currently in stable-queue which might be from ebiederm@xxxxxxxxxxxx are

queue-3.10/mnt-update-unprivileged-remount-test.patch
queue-3.10/userns-check-euid-no-fsuid-when-establishing-an-unprivileged-uid-mapping.patch
queue-3.10/mnt-implicitly-add-mnt_nodev-on-remount-when-it-was-implicitly-added-by-mount.patch
queue-3.10/userns-don-t-allow-unprivileged-creation-of-gid-mappings.patch
queue-3.10/userns-rename-id_map_mutex-to-userns_state_mutex.patch
queue-3.10/userns-add-a-knob-to-disable-setgroups-on-a-per-user-namespace-basis.patch
queue-3.10/userns-allow-setting-gid_maps-without-privilege-when-setgroups-is-disabled.patch
queue-3.10/userns-don-t-allow-setgroups-until-a-gid-mapping-has-been-setablished.patch
queue-3.10/groups-consolidate-the-setgroups-permission-checks.patch
queue-3.10/userns-only-allow-the-creator-of-the-userns-unprivileged-mappings.patch
queue-3.10/userns-document-what-the-invariant-required-for-safe-unprivileged-mappings.patch
queue-3.10/umount-disallow-unprivileged-mount-force.patch
queue-3.10/userns-unbreak-the-unprivileged-remount-tests.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]