Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp835682yba; Wed, 24 Apr 2019 10:21:51 -0700 (PDT) X-Google-Smtp-Source: APXvYqwVCzZhXrmAk+NtWVUkdu259oJ6eckfLdteOfJgmIo9AyvjvSjmmYhrd4cOxcAmGyJOcTf1 X-Received: by 2002:aa7:9089:: with SMTP id i9mr34525439pfa.115.1556126511643; Wed, 24 Apr 2019 10:21:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556126511; cv=none; d=google.com; s=arc-20160816; b=sww1D/N5jk3FPF/E7lS/5ahuokx1BrIewCsbjK2ypdnoMpQC01MK1V3hJS9ZQyjXAb CNJUMpwapJvAMb+12aK5Y2ocOIT08QBxZfnjMrmwfSLwoAd0fllbmbqfyvLPuzlJib2v yAnb58A71J1YuYBoJsHDU5ofDQagnGH9j373YHbylIEmFm/M7Q4BwsC6hVwQnE/8xfVC WVp5/5U98Mb1G01W9YhoVw608hyu8UTIeBs7S4rvfO+/lbugovAt6Duz7fuhOFwkkNsA etg5wq9Gsho8GNUSh4eprqZ/xGS8Kk1Mlp9Vzbyowgy6bZGtTjRK9R8RhTuHGG3dEZP7 bJyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=RJK7WIewdW422GtDDidTckMS45BbjSzwL7XIEApRbrA=; b=kviSc9L+GN1JkAclGQxxz68D9TznkgSapUpIzZEXLKgD6I7NtB+RFsjocrWSQUjlKC cP396Rlp+h++n1kAjrlf6hGu20oWz8QcZjTL2DTIo7JAjTsJoTt6zbqQL7y+nqt/BBwb CfIKMgyEBomEtdSpPQYEMayAwNsI2WA1E+4/Lz8arKuZIj57aLululEa1BxyoCng02x/ ai65dkKySmiNFY7hRyW1f5wdpnA/V8Hg1kGpfojFeyOCWol2U051g+IN488Lns+IDuDi kaEq8QjF0QyVh3PawPkCqDFpkBQiKF106jlmS1YsHe4JcZmciiXQaHscMPlJa2t5rhUL dgsQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=WT3YtM8a; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k12si17959856pgi.107.2019.04.24.10.21.35; Wed, 24 Apr 2019 10:21:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=WT3YtM8a; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388872AbfDXRSj (ORCPT + 99 others); Wed, 24 Apr 2019 13:18:39 -0400 Received: from mail.kernel.org ([198.145.29.99]:43682 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388857AbfDXRSg (ORCPT ); Wed, 24 Apr 2019 13:18:36 -0400 Received: from localhost (62-193-50-229.as16211.net [62.193.50.229]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 70F4321905; Wed, 24 Apr 2019 17:18:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1556126316; bh=rR7kvEX9uo3Hk4pghdRxf3KczhtYEZ1BS3twhO9/TGk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WT3YtM8abaJKqh7eSlm06D5KhFRPmxXxuQNFiPdGD5UZDLLp1ctQ9tG/zRN4btGq/ MXNNe9byPdpiEBtX5lXPlZWSAKXzoQ31u9bDc+Nd4yUGIy7+rxakiMGjLEaxNj6TLK B+q3wXQCm6XVFtEVxvXVjtB8lT7lw/L+wPeNaAKg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?UTF-8?q?Robert=20=C5=9Awi=C4=99cki?= , Peter Zijlstra , David Howells , Oleg Nesterov , Andy Lutomirski , "Eric W. Biederman" , Willy Tarreau , Kees Cook , Al Viro , Linus Torvalds , Federico Manuel Bento Subject: [PATCH 4.4 069/168] binfmt_elf: switch to new creds when switching to new mm Date: Wed, 24 Apr 2019 19:08:33 +0200 Message-Id: <20190424170927.836127577@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190424170923.452349382@linuxfoundation.org> References: <20190424170923.452349382@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Linus Torvalds commit 9f834ec18defc369d73ccf9e87a2790bfa05bf46 upstream. We used to delay switching to the new credentials until after we had mapped the executable (and possible elf interpreter). That was kind of odd to begin with, since the new executable will actually then _run_ with the new creds, but whatever. The bigger problem was that we also want to make sure that we turn off prof events and tracing before we start mapping the new executable state. So while this is a cleanup, it's also a fix for a possible information leak. Reported-by: Robert Święcki Tested-by: Peter Zijlstra Acked-by: David Howells Acked-by: Oleg Nesterov Acked-by: Andy Lutomirski Acked-by: Eric W. Biederman Cc: Willy Tarreau Cc: Kees Cook Cc: Al Viro Signed-off-by: Linus Torvalds Cc: Federico Manuel Bento Signed-off-by: Greg Kroah-Hartman --- fs/binfmt_elf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -850,6 +850,7 @@ static int load_elf_binary(struct linux_ current->flags |= PF_RANDOMIZE; setup_new_exec(bprm); + install_exec_creds(bprm); /* Do this so that we can load the interpreter, if need be. We will change some of these later */ @@ -1084,7 +1085,6 @@ static int load_elf_binary(struct linux_ goto out; #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */ - install_exec_creds(bprm); retval = create_elf_tables(bprm, &loc->elf_ex, load_addr, interp_load_addr); if (retval < 0)