Subject: Re: different capability from different namespace required for prctl_set_mm_exe_file
From: TongZhang
Date: Tue, 25 Sep 2018 19:37:14 -0400
To: Cyrill Gorcunov
Cc: Greg KH, tglx@linutronix.de, akpm@linux-foundation.org, linux@dominikbrodowski.net, ebiederm@xmission.com, keescook@chromium.org, Dave.Martin@arm.com, wolffhardt.schwabe@fau.de, yang.shi@linux.alibaba.com, LKML, wenbo.s@samsung.com
Message-Id: <7D0EDE0E-ADFB-4B43-90BB-1845FD0FEAE8@vt.edu>
In-Reply-To: <20180925183427.GH15710@uranus>
References: <990D0DB4-35C7-4B7B-A938-2B984CD97E78@vt.edu> <20180925173745.GA20508@kroah.com> <20180925183427.GH15710@uranus>
X-Mailing-List: linux-kernel@vger.kernel.org

I can see there are two problems,

First: In kernel/sys.c:2117 capable(CAP_SYS_RESOURCE), seems that ns_capable should be used to check capability against user namespace, instead of init_user_ns.
Because a process in a user namespace may call the prctl system call and this should be checked against their user namespace capability instead of init_user_ns capability.

Second: They should both require CAP_SYS_RESOURCE or CAP_SYS_ADMIN, are there any particular reasons for requiring different privilege?

> On Sep 25, 2018, at 2:34 PM, Cyrill Gorcunov wrote:
>
> On Tue, Sep 25, 2018 at 07:37:45PM +0200, Greg KH wrote:
>> On Tue, Sep 25, 2018 at 01:26:55PM -0400, Tong Zhang wrote:
>>> Kernel Version: 4.18.5
>>>
>>> Problem Description:
>>>
>>> We discovered inconsistent check when using prctl_set_mm_exe_file(), which is used to set up exe file link.
>>>
>>> It is required to have capable(CAP_SYS_RESOURCE) in prctl_set_mm().
>>> while ns_capable(CAP_SYS_ADMIN) in prctl_set_mm_map().
>>>
>>> There are two differences:
>>> 1) requiring capability from: user namespace, init namespace.
>>> 2) capability bit required is different
>>
>> Can you submit a patch showing what you think is the correct fix here?
>
> It is done this way on purpose. The prctl_set_mm_map is a complex call
> which carries a bunch of parameters and allowed if you're inside user-ns admin,
> in turn prctl_set_mm allows to modify settings one by one. So no, it is not
> an error but rather call specifics.
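
The two checks compared in this thread, as an added userspace model (not kernel source and not code from any poster): it shows why a caller with every capability inside a child user namespace passes an `ns_capable(CAP_SYS_ADMIN)` gate yet fails a `capable(CAP_SYS_RESOURCE)` gate. The struct layouts, the `model_*` and `gate_*` names and the fixture are assumptions; the namespace walk follows the logic of the kernel's `cap_capable()`, and the `ns_capable` gate is assumed to be evaluated against the caller's own user namespace.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Capability numbers from linux/capability.h. */
#define CAP_SYS_ADMIN    21
#define CAP_SYS_RESOURCE 24

/* Simplified stand-ins for the kernel's user_namespace and cred (assumed layout). */
struct user_ns { struct user_ns *parent; int level; unsigned owner_uid; };
struct cred    { struct user_ns *user_ns; unsigned euid; uint64_t cap_effective; };

/* Constructed fixture: the initial namespace and one child created by uid 1000. */
static struct user_ns init_user_ns  = { NULL, 0, 0 };
static struct user_ns child_user_ns = { &init_user_ns, 1, 1000 };

/* Model of the namespace walk: does cred hold cap with respect to target? */
static bool model_ns_capable(const struct cred *c, const struct user_ns *target, int cap)
{
    const struct user_ns *ns = target;
    for (;;) {
        if (ns == c->user_ns)                  /* same namespace: test the bit */
            return (c->cap_effective >> cap) & 1;
        if (ns->level <= c->user_ns->level)    /* target is not a descendant */
            return false;
        if (ns->parent == c->user_ns && ns->owner_uid == c->euid)
            return true;                       /* creator holds all caps in its child */
        ns = ns->parent;                       /* caps in a parent carry into children */
    }
}

/* capable(cap) is the same check pinned to the initial user namespace. */
static bool model_capable(const struct cred *c, int cap) { return model_ns_capable(c, &init_user_ns, cap); }

/* The two gates described in the thread, modelled for one caller. */
static bool gate_prctl_set_mm(const struct cred *c)     { return model_capable(c, CAP_SYS_RESOURCE); }
static bool gate_prctl_set_mm_map(const struct cred *c) { return model_ns_capable(c, c->user_ns, CAP_SYS_ADMIN); }

/* Constructed callers: namespace "root" with every bit set, and host root. */
static const struct cred ns_admin  = { &child_user_ns, 0, ~(uint64_t)0 };
static const struct cred host_root = { &init_user_ns,  0, ~(uint64_t)0 };

int main(void)
{
    printf("ns_admin:  set_mm=%d set_mm_map=%d\n", gate_prctl_set_mm(&ns_admin), gate_prctl_set_mm_map(&ns_admin));
    printf("host_root: set_mm=%d set_mm_map=%d\n", gate_prctl_set_mm(&host_root), gate_prctl_set_mm_map(&host_root));
    return 0;
}
```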