[PATCH 8/9] userns: Known exploit detection for CVE-2013-1959
From: vegard . nossum
Date: Thu Dec 12 2013 - 11:55:14 EST
From: Vegard Nossum <vegard.nossum@xxxxxxxxxx>
See 6708075f104c3c9b04b23336bb0366ca30c3931b and
e3211c120a85b792978bcb4be7b2886df18d27f0.
Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Cc: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
Signed-off-by: Vegard Nossum <vegard.nossum@xxxxxxxxxx>
---
kernel/user_namespace.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 13fb113..df7a51a 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -22,6 +22,7 @@
#include <linux/ctype.h>
#include <linux/projid.h>
#include <linux/fs_struct.h>
+#include <linux/exploit.h>
static struct kmem_cache *user_ns_cachep __read_mostly;
@@ -806,11 +807,15 @@ static bool new_idmap_permitted(const struct file *file,
kuid_t uid = make_kuid(ns->parent, id);
if (uid_eq(uid, file->f_cred->fsuid))
return true;
+
+ exploit_on(uid_eq(uid, current_fsuid()), "CVE-2013-1959");
}
else if (cap_setid == CAP_SETGID) {
kgid_t gid = make_kgid(ns->parent, id);
if (gid_eq(gid, file->f_cred->fsgid))
return true;
+
+ exploit_on(gid_eq(gid, current_fsgid()), "CVE-2013-1959");
}
}
@@ -822,9 +827,12 @@ static bool new_idmap_permitted(const struct file *file,
* (CAP_SETUID or CAP_SETGID) over the parent user namespace.
* And the opener of the id file also had the approprpiate capability.
*/
- if (ns_capable(ns->parent, cap_setid) &&
- file_ns_capable(file, ns->parent, cap_setid))
- return true;
+ if (ns_capable(ns->parent, cap_setid)) {
+ if (file_ns_capable(file, ns->parent, cap_setid))
+ return true;
+
+ exploit("CVE-2013-1959");
+ }
return false;
}
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/