Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3479499imu; Sun, 11 Nov 2018 16:03:18 -0800 (PST) X-Google-Smtp-Source: AJdET5fPMv2YcvOpGhfvsFN2CtpfwjBvOqe2I6az1EIA9MAwYlIRv5akxHNCLlB8rzTU7UYAk4Uu X-Received: by 2002:a62:6981:: with SMTP id e123-v6mr17888428pfc.104.1541980998865; Sun, 11 Nov 2018 16:03:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541980998; cv=none; d=google.com; s=arc-20160816; b=NftRWOoTOxtrKYMlD06Y4p06MK+y2oUR7flEXug7qIjeKrXzAhwpwW1GvXH3sKhxX1 eZzU4nvy5xp8i4GsE15pHhbJnsPMZjxkzdxdk7Uo2nzAUhP3hg++Pxv997Htg81wrE0G 2hXfa8xm6JgKc/R1qnvEaby+MsXnMwCXenQ2XKClWpfo+v5zgWHv1Bx4j+qepujxbMnP c904apwVgfaqLPDAglO8eh6pKbsjUGU/DQvbkFYDRaV2raR+ZWko/99TqvQh17I8t651 aYoHmX9Lz/qjt/lf7riE6yRR+7QwSugLOmpRJk4Xus+eczEQtcmgh8EB+hs9RLG1fctR HSMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=HNzkoy7VBFLROSTghAHpsvPHt1j1gzJiql8lkpA3G9o=; b=ZgV4Z5UeTxIKWRiE0Y/eC7BoGQes13nPZ5D4sxbgSVh1TC8hXUD0vu26Dw3S/U1yHS Vr6krHbrQeczgQgRHxaVkLFD4aLrVMI8uKgMCbxj2HvcEc7A/UwshaVnXxOp0t5vj9CJ pai0ImDbUI08UxTyABWQdqT36dSvsLc8tJsikWeylW4COVhSLu7Ijcz/gdPvuY0ZYvdB JFcyJLWYPpIebLTYhin+LJRqz+RpnS7+HgjHAtDZRw5wci1nCXnOP4RVBt2/sCn/ZasA 4SjpFclYgSJq6Zyb5yrMBGhXqdHKFvztAPvhi60hDJ+OKbARlAXrVxA2WukjAdmrT2KO nQ2A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=02Z9orLh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k5si14385837pgr.69.2018.11.11.16.03.03; Sun, 11 Nov 2018 16:03:18 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=02Z9orLh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732288AbeKLJxA (ORCPT + 99 others); Mon, 12 Nov 2018 04:53:00 -0500 Received: from mail.kernel.org ([198.145.29.99]:34412 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732150AbeKLIRx (ORCPT ); Mon, 12 Nov 2018 03:17:53 -0500 Received: from localhost (unknown [206.108.79.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id C4615223DD; Sun, 11 Nov 2018 22:27:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1541975277; bh=crdADcCBfWX4obH68E4Va3BWFZFrKKm0Y84XfZul08Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=02Z9orLhSDt/cnjgVjkyiDe5HcHcwAIRV+pRoQfb/Yt6Z1FYe01rY4p02Vv3oxWc1 jQwDCb9eUjZxkH5NMxE+kKk3wE2aQ5/LqR2YnYZddgnEAI6IZajCkpWjMUIpp/HzmR mufCuXSZVwt9M/WNFUbJ6kQXH6iSnZ7uiF12CcTg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Casey Schaufler , Sasha Levin Subject: [PATCH 4.19 174/361] Smack: ptrace capability use fixes Date: Sun, 11 Nov 2018 14:18:41 -0800 Message-Id: <20181111221644.677930804@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181111221619.915519183@linuxfoundation.org> References: <20181111221619.915519183@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.19-stable review patch. If anyone has any objections, please let me know. ------------------ From: Casey Schaufler [ Upstream commit dcb569cf6ac99ca899b8109c128b6ae52477a015 ] This fixes a pair of problems in the Smack ptrace checks related to checking capabilities. In both cases, as reported by Lukasz Pawelczyk, the raw capability calls are used rather than the Smack wrapper that check addition restrictions. In one case, as reported by Jann Horn, the wrong task is being checked for capabilities. Signed-off-by: Casey Schaufler Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- security/smack/smack_lsm.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -421,6 +421,7 @@ static int smk_ptrace_rule_check(struct struct smk_audit_info ad, *saip = NULL; struct task_smack *tsp; struct smack_known *tracer_known; + const struct cred *tracercred; if ((mode & PTRACE_MODE_NOAUDIT) == 0) { smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK); @@ -429,7 +430,8 @@ static int smk_ptrace_rule_check(struct } rcu_read_lock(); - tsp = __task_cred(tracer)->security; + tracercred = __task_cred(tracer); + tsp = tracercred->security; tracer_known = smk_of_task(tsp); if ((mode & PTRACE_MODE_ATTACH) && @@ -439,7 +441,7 @@ static int smk_ptrace_rule_check(struct rc = 0; else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN) rc = -EACCES; - else if (capable(CAP_SYS_PTRACE)) + else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred)) rc = 0; else rc = -EACCES; @@ -1841,6 +1843,7 @@ static int smack_file_send_sigiotask(str { struct smack_known *skp; struct smack_known *tkp = smk_of_task(tsk->cred->security); + const struct cred *tcred; struct file *file; int rc; struct smk_audit_info ad; @@ -1854,8 +1857,12 @@ static int smack_file_send_sigiotask(str skp = file->f_security; rc = smk_access(skp, tkp, MAY_DELIVER, NULL); rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc); - if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) + + rcu_read_lock(); + tcred = __task_cred(tsk); + if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred)) rc = 0; + rcu_read_unlock(); smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); smk_ad_setfield_u_tsk(&ad, tsk);