Eric Lee / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit 39fd33933b0209e4b6254743f2cede07c5ad4c52

Authored by Serge E. Hallyn
Committed by Linus Torvalds
1 parent bb96a6f50b
Exists in master and in 39 other branches 8mp-imx_5.4.70_2.3.0, 8qm-imx_5.4.70_2.3.0, emb_imx_lf-5.15.y, emb_lf-6.1.y, imx_3.0.35_4.1.0, imx_3.10.17_1.0.1_ga, imx_3.10.53_1.1.0_ga, imx_3.14.28_1.0.0_ga, imx_4.1.15_1.0.0_ga, pitx_8mp_lf-5.10.y, rt-smarc-imx_4.1.15_1.0.0_ga, rt_linux_5.15.71, smarc-8m-android-11.0.0_2.0.0, smarc-imx6_4.14.98_2.0.0_ga, smarc-imx6_4.9.88_2.0.0_ga, smarc-imx7_4.14.98_2.0.0_ga, smarc-imx7_4.9.11_1.0.0_ga, smarc-imx7_4.9.88_2.0.0_ga, smarc-imx_3.10.53_1.1.0_ga, smarc-imx_3.14.28_1.0.0_ga, smarc-imx_4.1.15_1.0.0_ga, smarc-imx_4.9.11_1.0.0_ga, smarc-imx_4.9.51_imx8m_ga, smarc-imx_4.9.88_2.0.0_ga, smarc-m6.0.1_2.1.0-ga, smarc-n7.1.2_2.0.0-ga, smarc-rel_imx_4.1.15_1.2.0_ga, smarc_8m_00d0_imx_4.14.98_2.0.0_ga, smarc_8m_imx_4.14.78_1.0.0_ga, smarc_8m_imx_4.14.98_2.0.0_ga, smarc_8m_imx_4.19.35_1.1.0, smarc_8mm_imx_4.14.78_1.0.0_ga, smarc_8mm_imx_4.14.98_2.0.0_ga, smarc_8mm_imx_4.19.35_1.1.0, smarc_8mm_imx_5.4.24_2.1.0, smarc_8mp_lf-5.10.y, smarc_8mq_imx_5.4.24_2.1.0, smarc_8mq_lf-5.10.y, smarc_imx_lf-5.15.y

userns: allow killing tasks in your own or child userns 

Changelog:
	Dec  8: Fixed bug in my check_kill_permission pointed out by
	        Eric Biederman.
	Dec 13: Apply Eric's suggestion to pass target task into kill_ok_by_cred()
	        for clarity
	Dec 31: address comment by Eric Biederman:
		don't need cred/tcred in check_kill_permission.
	Jan  1: use const cred struct.
	Jan 11: Per Bastian Blank's advice, clean up kill_ok_by_cred().
	Feb 16: kill_ok_by_cred: fix bad parentheses
	Feb 23: per akpm, let compiler inline kill_ok_by_cred

Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Acked-by: Daniel Lezcano <daniel.lezcano@free.fr>
Acked-by: David Howells <dhowells@redhat.com>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Showing 1 changed file with 22 additions and 8 deletions Side-by-side Diff

... ... @@ -636,13 +636,33 @@
636 636 }
637 637  
638 638 /*
  639 + * called with RCU read lock from check_kill_permission()
  640 + */
  641 +static int kill_ok_by_cred(struct task_struct *t)
  642 +{
  643 + const struct cred *cred = current_cred();
  644 + const struct cred *tcred = __task_cred(t);
  645 +
  646 + if (cred->user->user_ns == tcred->user->user_ns &&
  647 + (cred->euid == tcred->suid ||
  648 + cred->euid == tcred->uid ||
  649 + cred->uid == tcred->suid ||
  650 + cred->uid == tcred->uid))
  651 + return 1;
  652 +
  653 + if (ns_capable(tcred->user->user_ns, CAP_KILL))
  654 + return 1;
  655 +
  656 + return 0;
  657 +}
  658 +
  659 +/*
639 660 * Bad permissions for sending the signal
640 661 * - the caller must hold the RCU read lock
641 662 */
642 663 static int check_kill_permission(int sig, struct siginfo *info,
643 664 struct task_struct *t)
644 665 {
645   - const struct cred *cred, *tcred;
646 666 struct pid *sid;
647 667 int error;
648 668  
649 669  
... ... @@ -656,14 +676,8 @@
656 676 if (error)
657 677 return error;
658 678  
659   - cred = current_cred();
660   - tcred = __task_cred(t);
661 679 if (!same_thread_group(current, t) &&
662   - (cred->euid ^ tcred->suid) &&
663   - (cred->euid ^ tcred->uid) &&
664   - (cred->uid ^ tcred->suid) &&
665   - (cred->uid ^ tcred->uid) &&
666   - !capable(CAP_KILL)) {
  680 + !kill_ok_by_cred(t)) {
667 681 switch (sig) {
668 682 case SIGCONT:
669 683 sid = task_session(t);