linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Kees Cook <keescook@chromium.org>
To: Salvatore Mesoraca <s.mesoraca16@gmail.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
	Kernel Hardening <kernel-hardening@lists.openwall.com>,
	"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
	Alan Cox <gnomes@lxorguk.ukuu.org.uk>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	David Laight <David.Laight@aculab.com>,
	Ian Campbell <ijc@hellion.org.uk>, Jann Horn <jannh@google.com>,
	Matthew Wilcox <willy@infradead.org>,
	Pavel Vasilyev <dixlor@gmail.com>,
	Solar Designer <solar@openwall.com>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	"Tobin C. Harding" <me@tobin.cc>
Subject: Re: [PATCH v4] Protected FIFOs and regular files
Date: Tue, 10 Apr 2018 14:23:17 -0700	[thread overview]
Message-ID: <CAGXu5jKXMx1hzQX6g=Y51mdTgHoYp4vuVUvri3=s7Fn9NgmZmA@mail.gmail.com> (raw)
In-Reply-To: <CAJHCu1LAvw5N8cXr-L8goEXUN5+jAdC4aUv3jNW0FxO9W_VH1w@mail.gmail.com>

On Wed, Feb 28, 2018 at 1:22 AM, Salvatore Mesoraca
<s.mesoraca16@gmail.com> wrote:
> 2018-02-27 21:22 GMT+01:00 Kees Cook <keescook@chromium.org>:
>> On Tue, Feb 27, 2018 at 11:47 AM, Kees Cook <keescook@chromium.org> wrote:
>>> On Tue, Feb 27, 2018 at 3:00 AM, Salvatore Mesoraca
>>> <s.mesoraca16@gmail.com> wrote:
>>>> Disallows open of FIFOs or regular files not owned by the user in world
>>>> writable sticky directories, unless the owner is the same as that of
>>>> the directory or the file is opened without the O_CREAT flag.
>>>> The purpose is to make data spoofing attacks harder.
>>>> This protection can be turned on and off separately for FIFOs and regular
>>>> files via sysctl, just like the symlinks/hardlinks protection.
>>>> This patch is based on Openwall's "HARDEN_FIFO" feature by Solar
>>>> Designer.
>>>>
>>>> This is a brief list of old vulnerabilities that could have been prevented
>>>> by this feature, some of them even allow for privilege escalation:
>>>> CVE-2000-1134
>>>> CVE-2007-3852
>>>> CVE-2008-0525
>>>> CVE-2009-0416
>>>> CVE-2011-4834
>>>> CVE-2015-1838
>>>> CVE-2015-7442
>>>> CVE-2016-7489
>>>>
>>>> This list is not meant to be complete. It's difficult to track down
>>>> all vulnerabilities of this kind because they were often reported
>>>> without any mention of this particular attack vector.
>>>> In fact, before hardlinks/symlinks restrictions, fifos/regular
>>>> files weren't the favorite vehicle to exploit them.
>>>>
>>>> Suggested-by: Solar Designer <solar@openwall.com>
>>>> Suggested-by: Kees Cook <keescook@chromium.org>
>>>> Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com>
>>>> [...]
>>>
>>> I think this looks great.
>>>
>>> Acked-by: Kees Cook <keescook@chromium.org>
>>
>> Tested-by: Kees Cook <keescook@chromium.org>
>
> Awesome! Thank you very much for your help!

Salvatore, do you want to send this again as a v5 with my two
follow-up patches, as I have them here:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=kspp/userspace/protected-creat

or would you like me to send those? I would expect this series to land
via the -mm tree, since that tends to be the catch-all. (In which
case, the series should be To: akpm with everyone else in Cc.)

-Kees

-- 
Kees Cook
Pixel Security

  reply	other threads:[~2018-04-10 21:23 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-02-27 11:00 [PATCH v4] Protected FIFOs and regular files Salvatore Mesoraca
2018-02-27 19:47 ` Kees Cook
2018-02-27 20:22   ` Kees Cook
2018-02-28  9:22     ` Salvatore Mesoraca
2018-04-10 21:23       ` Kees Cook [this message]
2018-04-11  6:09         ` Salvatore Mesoraca

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAGXu5jKXMx1hzQX6g=Y51mdTgHoYp4vuVUvri3=s7Fn9NgmZmA@mail.gmail.com' \
    --to=keescook@chromium.org \
    --cc=David.Laight@aculab.com \
    --cc=dixlor@gmail.com \
    --cc=ebiederm@xmission.com \
    --cc=gnomes@lxorguk.ukuu.org.uk \
    --cc=ijc@hellion.org.uk \
    --cc=jannh@google.com \
    --cc=kernel-hardening@lists.openwall.com \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=me@tobin.cc \
    --cc=s.mesoraca16@gmail.com \
    --cc=solar@openwall.com \
    --cc=viro@zeniv.linux.org.uk \
    --cc=willy@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).