mirror of
https://github.com/adulau/aha.git
synced 2024-12-28 03:36:19 +00:00
CRED: Rename cred_exec_mutex to reflect that it's a guard against ptrace
Rename cred_exec_mutex to reflect that it's a guard against foreign intervention on a process's credential state, such as is made by ptrace(). The attachment of a debugger to a process affects execve()'s calculation of the new credential state - _and_ also setprocattr()'s calculation of that state. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
d254117099
commit
5e751e992f
6 changed files with 20 additions and 17 deletions
|
@ -1488,7 +1488,7 @@ int compat_do_execve(char * filename,
|
|||
if (!bprm)
|
||||
goto out_files;
|
||||
|
||||
retval = mutex_lock_interruptible(¤t->cred_exec_mutex);
|
||||
retval = mutex_lock_interruptible(¤t->cred_guard_mutex);
|
||||
if (retval < 0)
|
||||
goto out_free;
|
||||
current->in_execve = 1;
|
||||
|
@ -1550,7 +1550,7 @@ int compat_do_execve(char * filename,
|
|||
/* execve succeeded */
|
||||
current->fs->in_exec = 0;
|
||||
current->in_execve = 0;
|
||||
mutex_unlock(¤t->cred_exec_mutex);
|
||||
mutex_unlock(¤t->cred_guard_mutex);
|
||||
acct_update_integrals(current);
|
||||
free_bprm(bprm);
|
||||
if (displaced)
|
||||
|
@ -1573,7 +1573,7 @@ out_unmark:
|
|||
|
||||
out_unlock:
|
||||
current->in_execve = 0;
|
||||
mutex_unlock(¤t->cred_exec_mutex);
|
||||
mutex_unlock(¤t->cred_guard_mutex);
|
||||
|
||||
out_free:
|
||||
free_bprm(bprm);
|
||||
|
|
10
fs/exec.c
10
fs/exec.c
|
@ -1045,7 +1045,7 @@ void install_exec_creds(struct linux_binprm *bprm)
|
|||
commit_creds(bprm->cred);
|
||||
bprm->cred = NULL;
|
||||
|
||||
/* cred_exec_mutex must be held at least to this point to prevent
|
||||
/* cred_guard_mutex must be held at least to this point to prevent
|
||||
* ptrace_attach() from altering our determination of the task's
|
||||
* credentials; any time after this it may be unlocked */
|
||||
|
||||
|
@ -1055,7 +1055,7 @@ EXPORT_SYMBOL(install_exec_creds);
|
|||
|
||||
/*
|
||||
* determine how safe it is to execute the proposed program
|
||||
* - the caller must hold current->cred_exec_mutex to protect against
|
||||
* - the caller must hold current->cred_guard_mutex to protect against
|
||||
* PTRACE_ATTACH
|
||||
*/
|
||||
int check_unsafe_exec(struct linux_binprm *bprm)
|
||||
|
@ -1297,7 +1297,7 @@ int do_execve(char * filename,
|
|||
if (!bprm)
|
||||
goto out_files;
|
||||
|
||||
retval = mutex_lock_interruptible(¤t->cred_exec_mutex);
|
||||
retval = mutex_lock_interruptible(¤t->cred_guard_mutex);
|
||||
if (retval < 0)
|
||||
goto out_free;
|
||||
current->in_execve = 1;
|
||||
|
@ -1360,7 +1360,7 @@ int do_execve(char * filename,
|
|||
/* execve succeeded */
|
||||
current->fs->in_exec = 0;
|
||||
current->in_execve = 0;
|
||||
mutex_unlock(¤t->cred_exec_mutex);
|
||||
mutex_unlock(¤t->cred_guard_mutex);
|
||||
acct_update_integrals(current);
|
||||
free_bprm(bprm);
|
||||
if (displaced)
|
||||
|
@ -1383,7 +1383,7 @@ out_unmark:
|
|||
|
||||
out_unlock:
|
||||
current->in_execve = 0;
|
||||
mutex_unlock(¤t->cred_exec_mutex);
|
||||
mutex_unlock(¤t->cred_guard_mutex);
|
||||
|
||||
out_free:
|
||||
free_bprm(bprm);
|
||||
|
|
|
@ -145,8 +145,8 @@ extern struct cred init_cred;
|
|||
.group_leader = &tsk, \
|
||||
.real_cred = &init_cred, \
|
||||
.cred = &init_cred, \
|
||||
.cred_exec_mutex = \
|
||||
__MUTEX_INITIALIZER(tsk.cred_exec_mutex), \
|
||||
.cred_guard_mutex = \
|
||||
__MUTEX_INITIALIZER(tsk.cred_guard_mutex), \
|
||||
.comm = "swapper", \
|
||||
.thread = INIT_THREAD, \
|
||||
.fs = &init_fs, \
|
||||
|
|
|
@ -1247,7 +1247,9 @@ struct task_struct {
|
|||
* credentials (COW) */
|
||||
const struct cred *cred; /* effective (overridable) subjective task
|
||||
* credentials (COW) */
|
||||
struct mutex cred_exec_mutex; /* execve vs ptrace cred calculation mutex */
|
||||
struct mutex cred_guard_mutex; /* guard against foreign influences on
|
||||
* credential calculations
|
||||
* (notably. ptrace) */
|
||||
|
||||
char comm[TASK_COMM_LEN]; /* executable name excluding path
|
||||
- access with [gs]et_task_comm (which lock
|
||||
|
|
|
@ -167,7 +167,7 @@ EXPORT_SYMBOL(prepare_creds);
|
|||
|
||||
/*
|
||||
* Prepare credentials for current to perform an execve()
|
||||
* - The caller must hold current->cred_exec_mutex
|
||||
* - The caller must hold current->cred_guard_mutex
|
||||
*/
|
||||
struct cred *prepare_exec_creds(void)
|
||||
{
|
||||
|
@ -276,7 +276,7 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags)
|
|||
struct cred *new;
|
||||
int ret;
|
||||
|
||||
mutex_init(&p->cred_exec_mutex);
|
||||
mutex_init(&p->cred_guard_mutex);
|
||||
|
||||
if (
|
||||
#ifdef CONFIG_KEYS
|
||||
|
|
|
@ -185,10 +185,11 @@ int ptrace_attach(struct task_struct *task)
|
|||
if (same_thread_group(task, current))
|
||||
goto out;
|
||||
|
||||
/* Protect exec's credential calculations against our interference;
|
||||
* SUID, SGID and LSM creds get determined differently under ptrace.
|
||||
/* Protect the target's credential calculations against our
|
||||
* interference; SUID, SGID and LSM creds get determined differently
|
||||
* under ptrace.
|
||||
*/
|
||||
retval = mutex_lock_interruptible(&task->cred_exec_mutex);
|
||||
retval = mutex_lock_interruptible(&task->cred_guard_mutex);
|
||||
if (retval < 0)
|
||||
goto out;
|
||||
|
||||
|
@ -232,7 +233,7 @@ repeat:
|
|||
bad:
|
||||
write_unlock_irqrestore(&tasklist_lock, flags);
|
||||
task_unlock(task);
|
||||
mutex_unlock(&task->cred_exec_mutex);
|
||||
mutex_unlock(&task->cred_guard_mutex);
|
||||
out:
|
||||
return retval;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue