From: ebiederm@xmission.com (Eric W. Biederman)
To: Greg Kroah-Hartman
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Benjamin Gordon, John Stultz, Kees Cook, "Serge E. Hallyn", Thomas Gleixner, Arjan van de Ven, Oren Laadan, Ruchi Kandoi, Rom Lemarchand, Todd Kjos, Colin Cross, Nick Kralevich, Dmitry Shmidt, Elliott Hughes, Alexey Dobriyan, Andrew Morton, Linus Torvalds, Sasha Levin
Subject: Re: [PATCH 4.20 282/352] fs/proc/base.c: use ns_capable instead of capable for timerslack_ns
Date: Mon, 11 Feb 2019 19:02:06 -0600
Message-ID: <87tvh9es4x.fsf@xmission.com>
In-Reply-To: <20190211141904.885459037@linuxfoundation.org> (Greg Kroah-Hartman's message of "Mon, 11 Feb 2019 15:18:29 +0100")
References: <20190211141846.543045703@linuxfoundation.org> <20190211141904.885459037@linuxfoundation.org>

Greg Kroah-Hartman writes:

> 4.20-stable review patch. If anyone has any objections, please let me
> know.

No objection.

But I think of this as a feature addition rather than a fix for
something. As a feature that we now allow something we previously
did not, does this qualify for a backport to stable?

It is probably no more harmful in this instance than adding PCI IDs
to a driver. So I am not worried. I am curious what the current
guidelines are.

In most cases a small relaxation of permissions like this requires
a lot of bug fixing as typically code protected by capable(CAP_XXX)
has been written and tested assuming a trusted root user.
Those bug fixes are many times too large for a stable backport.

Eric

> ------------------
>
> [ Upstream commit 8da0b4f692c6d90b09c91f271517db746a22ff67 ]
>
> Access to timerslack_ns is controlled by a process having CAP_SYS_NICE
> in its effective capability set, but the current check looks in the root
> namespace instead of the process' user namespace. Since a process is
> allowed to do other activities controlled by CAP_SYS_NICE inside a
> namespace, it should also be able to adjust timerslack_ns.
>
> Link: http://lkml.kernel.org/r/20181030180012.232896-1-bmgordon@google.com
> Signed-off-by: Benjamin Gordon
> Acked-by: "Eric W. Biederman"
> Cc: John Stultz
> Cc: "Eric W. Biederman"
> Cc: Kees Cook
> Cc: "Serge E. Hallyn"
> Cc: Thomas Gleixner
> Cc: Arjan van de Ven
> Cc: Oren Laadan
> Cc: Ruchi Kandoi
> Cc: Rom Lemarchand
> Cc: Todd Kjos
> Cc: Colin Cross
> Cc: Nick Kralevich
> Cc: Dmitry Shmidt
> Cc: Elliott Hughes
> Cc: Alexey Dobriyan
> Signed-off-by: Andrew Morton
> Signed-off-by: Linus Torvalds
> Signed-off-by: Sasha Levin
> --- > fs/proc/base.c | 12 +++++++++--- > 1 file changed, 9 insertions(+), 3 deletions(-) > > diff --git a/fs/proc/base.c b/fs/proc/base.c > index ce3465479447..98525af0953e 100644 > --- a/fs/proc/base.c > +++ b/fs/proc/base.c > @@ -2356,10 +2356,13 @@ static ssize_t timerslack_ns_write(struct file *file, const char __user *buf, > return -ESRCH; > > if (p != current) { > - if (!capable(CAP_SYS_NICE)) { > + rcu_read_lock(); > + if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { > + rcu_read_unlock(); > count = -EPERM; > goto out; > } > + rcu_read_unlock(); > > err = security_task_setscheduler(p); > if (err) { 
> @@ -2392,11 +2395,14 @@ static int timerslack_ns_show(struct seq_file *m, void *v) > return -ESRCH; > > if (p != current) { > - > - if (!capable(CAP_SYS_NICE)) { > + rcu_read_lock(); > + if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { > + rcu_read_unlock(); > err = -EPERM; > goto out; > } > + rcu_read_unlock(); > + > err = security_task_getscheduler(p); > if (err) > goto out;
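
Review bot: nothing in the timerslack_ns_write() hunk or in the changelog records that the code reached after the relaxed check was reviewed for a caller that holds CAP_SYS_NICE only in p's user namespace. With capable(CAP_SYS_NICE) only a caller privileged in the initial namespace got as far as security_task_setscheduler(p); with ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE) a namespace-local holder does too. Suggest saying so in the changelog and adding a short comment above the check explaining why the target's user namespace, rather than the caller's, is the scope being tested.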
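
Review bot: the rcu_read_lock() / ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE) / rcu_read_unlock() sequence in the timerslack_ns_show() hunk is a copy of the one in timerslack_ns_write(), and in both places rcu_read_unlock() is written twice, once on the -EPERM path and once on the success path. A small static helper that takes p, evaluates the check inside a single lock/unlock pair and returns a bool would leave one unlock site and keep the read and write permission rules from drifting apart in later edits.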
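
The difference between the two checks described in the quoted commit message, as an added example that is not part of the original thread or of the kernel source: a simplified userspace C model of the user-namespace capability walk. The structs, the constructed sample credentials and the names model_ns_capable, old_check and new_check are assumptions made for illustration; LSM hooks such as security_task_setscheduler() are not modelled.

```c
#include <stdbool.h>
#include <stdio.h>
#define CAP_SYS_NICE 23  /* value from linux/capability.h */

/* Userspace model only: names echo the kernel's, the structs are simplified. */
struct user_ns { struct user_ns *parent; int level; unsigned owner; };
struct cred { struct user_ns *user_ns; unsigned euid; unsigned long long cap_effective; };
static struct user_ns init_user_ns = { NULL, 0, 0 };
static struct user_ns child_ns = { &init_user_ns, 1, 1000 };  /* constructed: created by uid 1000 */
/* Constructed sample credentials. */
static const struct cred host_root = { &init_user_ns, 0,    1ULL << CAP_SYS_NICE };
static const struct cred host_user = { &init_user_ns, 1000, 0 };  /* creator of child_ns */
static const struct cred ns_root   = { &child_ns,     1000, 1ULL << CAP_SYS_NICE };
static const struct cred ns_task   = { &child_ns,     1000, 0 };

/* Does credential c hold cap over namespace ns? Walks from ns toward the root. */
static bool model_ns_capable(const struct cred *c, const struct user_ns *ns, int cap)
{
    for (;;) {
        if (ns == c->user_ns)                /* same namespace: effective set decides */
            return (c->cap_effective >> cap) & 1;
        if (ns->level <= c->user_ns->level)  /* ns is not below c's namespace */
            return false;
        if (ns->parent == c->user_ns && ns->owner == c->euid)
            return true;                     /* creator of a child namespace holds all caps over it */
        ns = ns->parent;
    }
}

/* Check before the patch: capable() always asks about the initial namespace. */
static bool old_check(const struct cred *caller, const struct cred *target)
{
    return model_ns_capable(caller, &init_user_ns, CAP_SYS_NICE);
}

/* Check after the patch: ask about the target task's user namespace. */
static bool new_check(const struct cred *caller, const struct cred *target)
{
    return model_ns_capable(caller, target->user_ns, CAP_SYS_NICE);
}

int main(void)
{
    printf("ns_root->ns_task   old=%d new=%d\n", old_check(&ns_root, &ns_task), new_check(&ns_root, &ns_task));
    printf("host_user->ns_task old=%d new=%d\n", old_check(&host_user, &ns_task), new_check(&host_user, &ns_task));
    printf("ns_root->host_root old=%d new=%d\n", old_check(&ns_root, &host_root), new_check(&ns_root, &host_root));
    return 0;
}
```

In this model the new check admits two callers the old one refused, namespace root and the unprivileged creator of the namespace, while a task in the initial namespace stays out of reach of both.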