| Message ID | 20211227223436.317091-5-wander@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | coredump: mitigate privilege escalation of process coredump | expand |
diff --git a/fs/exec.c b/fs/exec.c index b4bd157a5282..d73b21b6298c 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1312,7 +1312,11 @@ int begin_new_exec(struct linux_binprm * bprm) me->flags &= ~(PF_RANDOMIZE | PF_FORKNOEXEC | PF_KTHREAD | PF_NOFREEZE | PF_NO_SETAFFINITY); - if (bprm->suid_bin) + /* + * We set the PF_SUID flags for security reasons. There is no + * point in setting it if the parent is root. + */ + if (bprm->suid_bin && !capable(CAP_SYS_ADMIN)) me->flags |= PF_SUID; flush_thread();
The goal of PF_SUID flag is to check if it is safe to coredump the process. If the current process is already privileged, there is no point in performing security checks because the name image is a set-uid process. Because of that, we don't set the suid flag if the forked process already runs as root. Signed-off-by: Wander Lairson Costa <wander@redhat.com> --- fs/exec.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)