[PATCH] Use CAP_SYS_RESOURCE as magic for escaping user namespaces.
Janne Karhunen
janne.karhunen at gmail.com
Tue May 7 10:30:43 UTC 2013
On Tue, May 7, 2013 at 11:01 AM, Janne Karhunen
<janne.karhunen at gmail.com> wrote:
> @@ -481,7 +490,7 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
> const struct cred *old = current_cred();
> struct cred *new = bprm->cred;
> bool effective, has_cap = false;
> - int ret;
> + int ret, has_res;
> kuid_t root_uid;
>
> effective = false;
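Review bot: `has_res` on the `+ int ret, has_res;` line only ever holds the result of `cap_raised()`, i.e. a true/false value, so it belongs with `bool effective, has_cap = false;` rather than on the `int ret` line; declaring it as `bool has_res` keeps its type consistent with how it is used and makes the variable's purpose clearer than grouping it with the return code.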
> @@ -501,6 +510,8 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
> warn_setuid_and_fcaps_mixed(bprm->filename);
> goto skip;
> }
> + has_res = cap_raised(new->cap_permitted, CAP_SYS_RESOURCE);
> +
> /*
> * To support inheritance of root-permissions and suid-root
> * executables under compatibility mode, we override the
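Review bot: the new `has_res = cap_raised(new->cap_permitted, CAP_SYS_RESOURCE);` line needs a comment: CAP_SYS_RESOURCE is being used here as a marker ("magic", as the subject says) for whether a process outside the initial user namespace may keep its capabilities across a compat-mode root exec, and nothing about the capability's name tells a later reader that. The comment should also state that the value is deliberately sampled from `new->cap_permitted` before the compatibility-mode override replaces that set, since the check only works because of that ordering.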
> @@ -512,6 +523,9 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
> /* pP' = (cap_bset & ~0) | (pI & ~0) */
> new->cap_permitted = cap_combine(old->cap_bset,
> old->cap_inheritable);
> +
> + if (!has_res && (old->user_ns != &init_user_ns))
> + cap_lower (new->cap_permitted, CAP_SYS_RESOURCE);
> }
> if (uid_eq(new->euid, root_uid))
> effective = true;
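Review bot: `cap_lower (new->cap_permitted, CAP_SYS_RESOURCE);` has a space between the function name and the opening parenthesis, which kernel coding style rejects; write `cap_lower(new->cap_permitted, CAP_SYS_RESOURCE);`. The comment `/* pP' = (cap_bset & ~0) | (pI & ~0) */` directly above this block also no longer describes the result, because permitted now additionally drops CAP_SYS_RESOURCE when `!has_res && old->user_ns != &init_user_ns`; update the comment so the namespace condition and the intended semantics of the dropped bit are recorded next to the code rather than only in the commit message.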
I am also seriously unhappy about this 'setuid compatibility mode'
here. It is highly surprising to have all caps elevated on uid/euid
root exec regardless of the executable setuid flags...
--
Janne