system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-11-05 18:23:50 +00:00
Code Issues Projects Releases Packages Wiki Activity
linux/fs
History
Salvatore Mesoraca 30aba6656f namei: allow restricted O_CREAT of FIFOs and regular files 
Disallows open of FIFOs or regular files not owned by the user in world
writable sticky directories, unless the owner is the same as that of the
directory or the file is opened without the O_CREAT flag.  The purpose
is to make data spoofing attacks harder.  This protection can be turned
on and off separately for FIFOs and regular files via sysctl, just like
the symlinks/hardlinks protection.  This patch is based on Openwall's
"HARDEN_FIFO" feature by Solar Designer.

This is a brief list of old vulnerabilities that could have been prevented
by this feature, some of them even allow for privilege escalation:

CVE-2000-1134
CVE-2007-3852
CVE-2008-0525
CVE-2009-0416
CVE-2011-4834
CVE-2015-1838
CVE-2015-7442
CVE-2016-7489

This list is not meant to be complete.  It's difficult to track down all
vulnerabilities of this kind because they were often reported without any
mention of this particular attack vector.  In fact, before
hardlinks/symlinks restrictions, fifos/regular files weren't the favorite
vehicle to exploit them.

[s.mesoraca16@gmail.com: fix bug reported by Dan Carpenter]
  Link: https://lkml.kernel.org/r/20180426081456.GA7060@mwanda
  Link: http://lkml.kernel.org/r/1524829819-11275-1-git-send-email-s.mesoraca16@gmail.com
[keescook@chromium.org: drop pr_warn_ratelimited() in favor of audit changes in the future]
[keescook@chromium.org: adjust commit subjet]
Link: http://lkml.kernel.org/r/20180416175918.GA13494@beast
Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Suggested-by: Solar Designer <solar@openwall.com>
Suggested-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-08-23 18:48:43 -07:00
..
9p Pull request for inclusion in 4.19, take two 2018-08-17 17:27:58 -07:00
adfs adfs: use timespec64 for time conversion 2018-08-22 10:52:51 -07:00
affs
afs Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-08-15 15:04:25 -07:00
autofs Merge branch 'akpm' (patches from Andrew) 2018-08-22 12:34:08 -07:00
befs
bfs
btrfs overlayfs update for 4.19 2018-08-21 18:19:09 -07:00
cachefiles
ceph The main things are support for cephx v2 authentication protocol and 2018-08-20 18:26:55 -07:00
cifs Merge branch 'linus/master' into rdma.git for-next 2018-08-16 14:21:29 -06:00
coda
configfs
cramfs
crypto
debugfs
devpts
dlm
ecryptfs
efivarfs
efs
exofs
exportfs
ext2 Merge branch 'akpm' (patches from Andrew) 2018-08-17 16:49:31 -07:00
ext4 ext4: readpages() should submit IO as read-ahead 2018-08-17 16:20:29 -07:00
f2fs f2fs-for-4.19-rc1 2018-08-22 13:29:39 -07:00
fat fat: propagate 64-bit inode timestamps 2018-08-22 10:52:50 -07:00
freevxfs
fscache
fuse fuse update for 4.19 2018-08-21 18:47:36 -07:00
gfs2 gfs2 4.19 merge 2018-08-15 22:40:03 -07:00
hfs hfs: prevent crash on exit from failed search 2018-08-23 18:48:42 -07:00
hfsplus hfsplus: prevent crash on exit from failed search 2018-08-23 18:48:42 -07:00
hostfs vfs: discard ATTR_ATTR_FLAG 2018-08-17 16:20:28 -07:00
hpfs fs/hpfs: extend gmt_to_local() conversion to 64-bit times 2018-08-17 16:20:27 -07:00
hugetlbfs mm: zero out the vma in vma_init() 2018-08-22 10:52:44 -07:00
isofs
jbd2
jffs2
jfs Just one jfs patch for 4.19 2018-08-15 22:47:23 -07:00
kernfs Driver core patches for 4.19-rc1 2018-08-18 11:44:53 -07:00
lockd
minix
nfs Merge branch 'work.mkdir' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-08-13 20:25:58 -07:00
nfs_common
nfsd
nilfs2 fs/nilfs2/file.c: use new return type vm_fault_t 2018-08-22 10:52:49 -07:00
nls
notify Merge branch 'siginfo-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2018-08-21 13:47:29 -07:00
ntfs ntfs: mft: remove VLA usage 2018-08-17 16:20:27 -07:00
ocfs2 overlayfs update for 4.19 2018-08-21 18:19:09 -07:00
omfs
openpromfs
orangefs orangefs: remove redundant pointer orangefs_inode 2018-08-14 12:07:14 -04:00
overlayfs ovl: set I_CREATING on inode being created 2018-08-22 13:15:25 -07:00
proc proc/kcore: add vmcoreinfo note to /proc/kcore 2018-08-22 10:52:46 -07:00
pstore
qnx4
qnx6
quota
ramfs
reiserfs reiserfs: fix broken xattr handling (heap corruption, bad retval) 2018-08-22 10:52:50 -07:00
romfs
squashfs
sysfs Driver core patches for 4.19-rc1 2018-08-18 11:44:53 -07:00
sysv fs/sysv/inode.c: use ktime_get_real_seconds() for superblock stamp 2018-08-22 10:52:51 -07:00
tracefs
ubifs
udf \n 2018-08-17 09:38:39 -07:00
ufs fs/ufs: use ktime_get_real_seconds for sb and cg timestamps 2018-08-17 16:20:27 -07:00
xfs overlayfs update for 4.19 2018-08-21 18:19:09 -07:00
aio.c Merge branch 'work.aio' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-08-13 20:56:23 -07:00
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c
binfmt_elf.c Here are the main MIPS changes for 4.19. 2018-08-13 19:24:32 -07:00
binfmt_elf_fdpic.c
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
block_dev.c for-4.19/block-20180812 2018-08-14 10:23:25 -07:00
buffer.c fs, mm: account buffer_head to kmemcg 2018-08-17 16:20:30 -07:00
char_dev.c
compat.c
compat_binfmt_elf.c
compat_ioctl.c
coredump.c
d_path.c
dax.c
dcache.c fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() 2018-08-17 16:20:28 -07:00
dcookies.c
direct-io.c
drop_caches.c
eventfd.c
eventpoll.c fs/eventpoll.c: simplify ep_is_linked() callers 2018-08-22 10:52:49 -07:00
exec.c Merge branch 'siginfo-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2018-08-21 13:47:29 -07:00
fcntl.c signal: Don't send signals to tasks that don't exist 2018-08-15 23:03:20 -05:00
fhandle.c
file.c
file_table.c overlayfs update for 4.19 2018-08-21 18:19:09 -07:00
filesystems.c
fs-writeback.c
fs_pin.c
fs_struct.c
inode.c overlayfs update for 4.19 2018-08-21 18:19:09 -07:00
internal.h overlayfs update for 4.19 2018-08-21 18:19:09 -07:00
ioctl.c
iomap.c Changes since last update: 2018-08-21 18:15:47 -07:00
Kconfig
Kconfig.binfmt
libfs.c
locks.c overlayfs update for 4.19 2018-08-21 18:19:09 -07:00
Makefile
mbcache.c
mount.h
mpage.c mpage: mpage_readpages() should submit IO as read-ahead 2018-08-17 16:20:29 -07:00
namei.c namei: allow restricted O_CREAT of FIFOs and regular files 2018-08-23 18:48:43 -07:00
namespace.c overlayfs update for 4.19 2018-08-21 18:19:09 -07:00
no-block.c
nsfs.c
open.c overlayfs update for 4.19 2018-08-21 18:19:09 -07:00
pipe.c Merge branch 'work.open3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-08-13 19:58:36 -07:00
pnode.c
pnode.h
posix_acl.c
proc_namespace.c
read_write.c
readdir.c
select.c
seq_file.c fs/seq_file.c: simplify seq_file iteration code and interface 2018-08-17 16:20:28 -07:00
signalfd.c
splice.c
stack.c
stat.c
statfs.c
super.c mm: add SHRINK_EMPTY shrinker methods return value 2018-08-17 16:20:31 -07:00
sync.c
timerfd.c Merge branch 'work.aio' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-08-13 20:56:23 -07:00
userfaultfd.c userfaultfd: use fault_wqh lock 2018-08-22 10:52:47 -07:00
utimes.c
xattr.c