Date: Sun, 30 Dec 2018 15:48:35 +0100
From: Greg Kroah-Hartman
To: "Lee, Chun-Yi"
Cc: "Rafael J . Wysocki", Pavel Machek, Len Brown, "Martin K . Petersen", Randy Dunlap, Joe Perches, Bart Van Assche, linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org, "Lee, Chun-Yi", Chen Yu, Giovanni Gherdovich, Jann Horn, Andy Lutomirski
Subject: Re: [PATCH 2/2] PM / Sleep: Check the file capability when writing wake lock interface
Message-ID: <20181230144835.GB18985@kroah.com>
References: <20181230132856.24095-1-jlee@suse.com> <20181230132856.24095-3-jlee@suse.com>
In-Reply-To: <20181230132856.24095-3-jlee@suse.com>

On Sun, Dec 30, 2018 at 09:28:56PM +0800, Lee, Chun-Yi wrote:
> The wake lock/unlock sysfs interfaces check that the writer must have
> CAP_BLOCK_SUSPEND capability. But the checking logic can be bypassed
> by opening sysfs file within an unprivileged process and then writing
> the file within a privileged process. The tricking way has been exposed
> by Andy Lutomirski in CVE-2013-1959.

Don't you mean "open by privileged and then written by unprivileged?"

Or if not, exactly how is this a problem? You check the capabilities
when you do the write and if that is not allowed then, well

And you are checking the namespace of the person trying to do the write
when the write happens, which is correct here, right?

If you really want to mess with wake locks in a namespaced environment,
then put it in a real namespaced environment, which is {HUGE HINT} not
sysfs.

So no, this patch isn't ok...

thanks,

greg k-h
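
Added example, not part of the message above or of the patch under review: a userspace C model of the two check points this thread discusses, the writer's capability at write time versus the credentials recorded when the file was opened. All struct and function names are hypothetical and only mimic the idea of kernel credentials; it shows which open/write ordering each check placement refuses.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: these types imitate the idea of kernel credentials,
 * they are not the kernel's definitions (hypothetical names throughout). */
struct cred { bool cap_block_suspend; };
struct file { const struct cred *f_cred; };   /* creds captured at open time */

typedef bool (*policy_fn)(const struct file *, const struct cred *);

static struct file model_open(const struct cred *opener)
{
    struct file f = { .f_cred = opener };
    return f;
}

/* Policy 1: check only the task performing the write. */
static bool allow_writer_only(const struct file *f, const struct cred *writer)
{
    (void)f;
    return writer->cap_block_suspend;
}

/* Policy 2: check only the credentials recorded at open. */
static bool allow_opener_only(const struct file *f, const struct cred *writer)
{
    (void)writer;
    return f->f_cred->cap_block_suspend;
}

/* Policy 3: require the capability at both points. */
static bool allow_both(const struct file *f, const struct cred *writer)
{
    return allow_writer_only(f, writer) && allow_opener_only(f, writer);
}

/* Open with one set of creds, write with another, report the decision. */
static bool scenario(bool opener_cap, bool writer_cap, policy_fn policy)
{
    const struct cred opener = { opener_cap }, writer = { writer_cap };
    struct file f = model_open(&opener);
    return policy(&f, &writer);
}

int main(void)
{
    const char *names[] = { "writer-only", "opener-only", "both" };
    policy_fn p[] = { allow_writer_only, allow_opener_only, allow_both };
    for (int i = 0; i < 3; i++)   /* columns: the two orderings named in the thread */
        printf("%-12s open-unpriv/write-priv=%d open-priv/write-unpriv=%d\n",
               names[i], scenario(false, true, p[i]), scenario(true, false, p[i]));
    return 0;
}
```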