Commit 31367466 authored by Otto Ebeling's avatar Otto Ebeling Committed by Linus Torvalds

Unify migrate_pages and move_pages access checks

Commit 197e7e52 ("Sanitize 'move_pages()' permission checks") fixed
a security issue I reported in the move_pages syscall, and made it so
that you can't act on set-uid processes unless you have the
CAP_SYS_PTRACE capability.

Unify the access check logic of migrate_pages to match the new behavior
of move_pages.  We discussed this a bit in the security@ list and
thought it'd be good for consistency even though there's no evident
security impact.  The NUMA node access checks are left intact and
require CAP_SYS_NICE as before.

Link: http://lkml.kernel.org/r/alpine.DEB.2.11.1710011830320.6333@lakka.kapsi.fiSigned-off-by: default avatarOtto Ebeling <otto.ebeling@iki.fi>
Acked-by: default avatarMichal Hocko <mhocko@suse.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Willy Tarreau <w@1wt.eu>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 7f0b5fb9
...@@ -85,6 +85,7 @@ ...@@ -85,6 +85,7 @@
#include <linux/interrupt.h> #include <linux/interrupt.h>
#include <linux/init.h> #include <linux/init.h>
#include <linux/compat.h> #include <linux/compat.h>
#include <linux/ptrace.h>
#include <linux/swap.h> #include <linux/swap.h>
#include <linux/seq_file.h> #include <linux/seq_file.h>
#include <linux/proc_fs.h> #include <linux/proc_fs.h>
...@@ -1365,7 +1366,6 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, ...@@ -1365,7 +1366,6 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
const unsigned long __user *, old_nodes, const unsigned long __user *, old_nodes,
const unsigned long __user *, new_nodes) const unsigned long __user *, new_nodes)
{ {
const struct cred *cred = current_cred(), *tcred;
struct mm_struct *mm = NULL; struct mm_struct *mm = NULL;
struct task_struct *task; struct task_struct *task;
nodemask_t task_nodes; nodemask_t task_nodes;
...@@ -1401,15 +1401,10 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, ...@@ -1401,15 +1401,10 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
err = -EINVAL; err = -EINVAL;
/* /*
* Check if this process has the right to modify the specified * Check if this process has the right to modify the specified process.
* process. The right exists if the process has administrative * Use the regular "ptrace_may_access()" checks.
* capabilities, superuser privileges or the same
* userid as the target process.
*/ */
tcred = __task_cred(task); if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS)) {
if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&
!uid_eq(cred->uid, tcred->suid) && !uid_eq(cred->uid, tcred->uid) &&
!capable(CAP_SYS_NICE)) {
rcu_read_unlock(); rcu_read_unlock();
err = -EPERM; err = -EPERM;
goto out_put; goto out_put;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment