Patchwork [RESEND] exit_notify: kill the wrong capable(CAP_KILL) check

Submitter Oleg Nesterov
Date April 6, 2009, 2:16 p.m.
Message ID <20090406141602.GA17561@redhat.com>
Permalink /patch/16544/
State New, archived

Comments

Oleg Nesterov - April 6, 2009, 2:16 p.m.
The CAP_KILL check in exit_notify() looks just wrong, kill it.

Whatever logic we have to reset ->exit_signal, the malicious user
can bypass it if it execs the setuid application before exiting.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
Roland McGrath - April 6, 2009, 7:36 p.m.
Acked-by: Roland McGrath <roland@redhat.com>

Patch

--- 6.30/kernel/exit.c~EXIT_CAP_KILL	2009-04-06 00:03:42.000000000 +0200
+++ 6.30/kernel/exit.c	2009-04-06 15:30:32.000000000 +0200
@@ -837,8 +837,7 @@  static void exit_notify(struct task_stru
 	 */
 	if (tsk->exit_signal != SIGCHLD && !task_detached(tsk) &&
 	    (tsk->parent_exec_id != tsk->real_parent->self_exec_id ||
-	     tsk->self_exec_id != tsk->parent_exec_id) &&
-	    !capable(CAP_KILL))
+	     tsk->self_exec_id != tsk->parent_exec_id))
 		tsk->exit_signal = SIGCHLD;
 
 	signal = tracehook_notify_death(tsk, &cookie, group_dead);
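
Review bot: the comment block that closes with `*/` directly above this `if` lies outside the hunk, so confirm it does not still describe a CAP_KILL exemption now that `!capable(CAP_KILL)` is gone from the condition; if it does, update it in the same patch. The changelog would also be easier to audit later if it said why the check is wrong rather than that it "looks just wrong": capable() is evaluated against the exiting task itself, so a task that execs a setuid binary before exiting passes the check and keeps its non-SIGCHLD exit_signal, which is exactly the case the exec_id comparison is there to reset. With the check removed, the reset to SIGCHLD depends only on the parent_exec_id/self_exec_id comparisons shown in the context lines, which matches the intent stated in the commit message.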