From: Sasha Levin To: stable@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Casey Schaufler , Casey Schaufler , Sasha Levin Subject: [PATCH AUTOSEL 4.19 130/146] Smack: ptrace capability use fixes Date: Wed, 31 Oct 2018 19:05:25 -0400 Message-Id: <20181031230541.28822-130-sashal@kernel.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181031230541.28822-1-sashal@kernel.org> References: <20181031230541.28822-1-sashal@kernel.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Casey Schaufler [ Upstream commit dcb569cf6ac99ca899b8109c128b6ae52477a015 ] This fixes a pair of problems in the Smack ptrace checks related to checking capabilities. In both cases, as reported by Lukasz Pawelczyk, the raw capability calls are used rather than the Smack wrapper that check addition restrictions. In one case, as reported by Jann Horn, the wrong task is being checked for capabilities. Signed-off-by: Casey Schaufler Signed-off-by: Sasha Levin --- security/smack/smack_lsm.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 340fc30ad85d..70d3066e69fe 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -421,6 +421,7 @@ static int smk_ptrace_rule_check(struct task_struct *tracer, struct smk_audit_info ad, *saip = NULL; struct task_smack *tsp; struct smack_known *tracer_known; + const struct cred *tracercred; if ((mode & PTRACE_MODE_NOAUDIT) == 0) { smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); @@ -429,7 +430,8 @@ static int smk_ptrace_rule_check(struct task_struct *tracer, } rcu_read_lock(); - tsp = __task_cred(tracer)->security; + tracercred = __task_cred(tracer); + tsp = tracercred->security; tracer_known = smk_of_task(tsp); if ((mode & PTRACE_MODE_ATTACH) && 
@@ -439,7 +441,7 @@ static int smk_ptrace_rule_check(struct task_struct *tracer, rc = 0; else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) rc = -EACCES; - else if (capable(CAP_SYS_PTRACE)) + else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred)) rc = 0; else rc = -EACCES; @@ -1841,6 +1843,7 @@ static int smack_file_send_sigiotask(struct task_struct *tsk, { struct smack_known *skp; struct smack_known *tkp = smk_of_task(tsk->cred->security); + const struct cred *tcred; struct file *file; int rc; struct smk_audit_info ad; @@ -1854,8 +1857,12 @@ static int smack_file_send_sigiotask(struct task_struct *tsk, skp = file->f_security; rc = smk_access(skp, tkp, MAY_DELIVER, NULL); rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); - if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) + + rcu_read_lock(); + tcred = __task_cred(tsk); + if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred)) rc = 0; + rcu_read_unlock(); smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); smk_ad_setfield_u_tsk(&ad, tsk); -- 2.17.1
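Review bot: In the @@ -439 hunk, the new `smack_privileged_cred(CAP_SYS_PTRACE, tracercred)` check depends on `tracercred`, which was fetched with `__task_cred(tracer)` after `rcu_read_lock()`; the matching `rcu_read_unlock()` is not visible in these hunks, so please confirm the check stays inside the read-side section. A one-line comment at the `else if` stating that the capability is evaluated against the tracer's credentials, not those of the calling task as `capable()` does, would keep a later cleanup from reverting it.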
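Review bot: In the @@ -1841 hunk, the context line `struct smack_known *tkp = smk_of_task(tsk->cred->security);` directly above the new `tcred` declaration still dereferences `tsk->cred` without RCU protection, while the code added further down reads the same task's credentials through `__task_cred(tsk)` under `rcu_read_lock()`. Consider moving the `tkp` lookup into the same RCU section so that both reads of the target task's credentials follow one rule.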
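Review bot: In the @@ -1854 hunk, `rcu_read_lock()` and `__task_cred(tsk)` now run on every call, including when `smk_access()` has already returned 0 and the capability is never consulted. Putting the lock, the `tcred` fetch and the `smack_privileged_cred(CAP_MAC_OVERRIDE, tcred)` test inside a single `if (rc != 0) { ... }` block would keep the RCU section off the success path and make it clear that it exists only for the override check.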