Update to 4.9.1
Drop two obsolete patches. "ptrace: being capable wrt a process requires mapped uids/gids" appears to be obsoleted by upstream commit bfedb589252c "mm: Add a user_ns owner to mm_struct and fix ptrace permission checks".
This commit is contained in:
parent
f5af248fc0
commit
0814db65a8
|
@ -1,7 +1,9 @@
|
|||
linux (4.9-1~exp1) UNRELEASED; urgency=medium
|
||||
linux (4.9.1-1~exp1) UNRELEASED; urgency=medium
|
||||
|
||||
* New upstream release: https://kernelnewbies.org/Linux_4.9
|
||||
- Revert "default exported asm symbols to zero"
|
||||
* New upstream stable update:
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.1
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* Set ABI to trunk
|
||||
|
|
|
@ -1,102 +0,0 @@
|
|||
From: Jann Horn <jann@thejh.net>
|
||||
Subject: ptrace: being capable wrt a process requires mapped uids/gids
|
||||
Date: Sat, 26 Dec 2015 03:52:31 +0100
|
||||
Origin: https://lkml.org/lkml/2015/12/25/71
|
||||
|
||||
ptrace_has_cap() checks whether the current process should be
|
||||
treated as having a certain capability for ptrace checks
|
||||
against another process. Until now, this was equivalent to
|
||||
has_ns_capability(current, target_ns, CAP_SYS_PTRACE).
|
||||
|
||||
However, if a root-owned process wants to enter a user
|
||||
namespace for some reason without knowing who owns it and
|
||||
therefore can't change to the namespace owner's uid and gid
|
||||
before entering, as soon as it has entered the namespace,
|
||||
the namespace owner can attach to it via ptrace and thereby
|
||||
gain access to its uid and gid.
|
||||
|
||||
While it is possible for the entering process to switch to
|
||||
the uid of a claimed namespace owner before entering,
|
||||
causing the attempt to enter to fail if the claimed uid is
|
||||
wrong, this doesn't solve the problem of determining an
|
||||
appropriate gid.
|
||||
|
||||
With this change, the entering process can first enter the
|
||||
namespace and then safely inspect the namespace's
|
||||
properties, e.g. through /proc/self/{uid_map,gid_map},
|
||||
assuming that the namespace owner doesn't have access to
|
||||
uid 0.
|
||||
Changed in v2: The caller needs to be capable in the
|
||||
namespace into which tcred's uids/gids can be mapped.
|
||||
|
||||
Signed-off-by: Jann Horn <jann@thejh.net>
|
||||
---
|
||||
kernel/ptrace.c | 33 ++++++++++++++++++++++++++++-----
|
||||
1 file changed, 28 insertions(+), 5 deletions(-)
|
||||
|
||||
--- a/kernel/ptrace.c
|
||||
+++ b/kernel/ptrace.c
|
||||
@@ -20,6 +20,7 @@
|
||||
#include <linux/uio.h>
|
||||
#include <linux/audit.h>
|
||||
#include <linux/pid_namespace.h>
|
||||
+#include <linux/user_namespace.h>
|
||||
#include <linux/syscalls.h>
|
||||
#include <linux/uaccess.h>
|
||||
#include <linux/regset.h>
|
||||
@@ -207,12 +208,34 @@ static int ptrace_check_attach(struct ta
|
||||
return ret;
|
||||
}
|
||||
|
||||
-static int ptrace_has_cap(struct user_namespace *ns, unsigned int mode)
|
||||
+static bool ptrace_has_cap(const struct cred *tcred, unsigned int mode)
|
||||
{
|
||||
+ struct user_namespace *tns = tcred->user_ns;
|
||||
+
|
||||
+ /* When a root-owned process enters a user namespace created by a
|
||||
+ * malicious user, the user shouldn't be able to execute code under
|
||||
+ * uid 0 by attaching to the root-owned process via ptrace.
|
||||
+ * Therefore, similar to the capable_wrt_inode_uidgid() check,
|
||||
+ * verify that all the uids and gids of the target process are
|
||||
+ * mapped into a namespace below the current one in which the caller
|
||||
+ * is capable.
|
||||
+ * No fsuid/fsgid check because __ptrace_may_access doesn't do it
|
||||
+ * either.
|
||||
+ */
|
||||
+ while (
|
||||
+ !kuid_has_mapping(tns, tcred->euid) ||
|
||||
+ !kuid_has_mapping(tns, tcred->suid) ||
|
||||
+ !kuid_has_mapping(tns, tcred->uid) ||
|
||||
+ !kgid_has_mapping(tns, tcred->egid) ||
|
||||
+ !kgid_has_mapping(tns, tcred->sgid) ||
|
||||
+ !kgid_has_mapping(tns, tcred->gid)) {
|
||||
+ tns = tns->parent;
|
||||
+ }
|
||||
+
|
||||
if (mode & PTRACE_MODE_NOAUDIT)
|
||||
- return has_ns_capability_noaudit(current, ns, CAP_SYS_PTRACE);
|
||||
+ return has_ns_capability_noaudit(current, tns, CAP_SYS_PTRACE);
|
||||
else
|
||||
- return has_ns_capability(current, ns, CAP_SYS_PTRACE);
|
||||
+ return has_ns_capability(current, tns, CAP_SYS_PTRACE);
|
||||
}
|
||||
|
||||
/* Returns 0 on success, -errno on denial. */
|
||||
@@ -264,7 +287,7 @@ static int __ptrace_may_access(struct ta
|
||||
gid_eq(caller_gid, tcred->sgid) &&
|
||||
gid_eq(caller_gid, tcred->gid))
|
||||
goto ok;
|
||||
- if (ptrace_has_cap(tcred->user_ns, mode))
|
||||
+ if (ptrace_has_cap(tcred, mode))
|
||||
goto ok;
|
||||
rcu_read_unlock();
|
||||
return -EPERM;
|
||||
@@ -275,7 +298,7 @@ ok:
|
||||
dumpable = get_dumpable(task->mm);
|
||||
rcu_read_lock();
|
||||
if (dumpable != SUID_DUMP_USER &&
|
||||
- !ptrace_has_cap(__task_cred(task)->user_ns, mode)) {
|
||||
+ !ptrace_has_cap(__task_cred(task), mode)) {
|
||||
rcu_read_unlock();
|
||||
return -EPERM;
|
||||
}
|
|
@ -1,59 +0,0 @@
|
|||
From: Adam Borowski <kilobyte@angband.pl>
|
||||
Date: Tue, 29 Nov 2016 14:51:17 +0100
|
||||
Subject: x86/kbuild: enable modversions for symbols exported from asm
|
||||
Origin: https://lists.debian.org/20161129135118.24696-1-kilobyte@angband.pl
|
||||
|
||||
Commit 4efca4ed ("kbuild: modversions for EXPORT_SYMBOL() for asm") adds
|
||||
modversion support for symbols exported from asm files. Architectures
|
||||
must include C-style declarations for those symbols in asm/asm-prototypes.h
|
||||
in order for them to be versioned.
|
||||
|
||||
Add these declarations for x86, and an architecture-independent file that
|
||||
can be used for common symbols.
|
||||
|
||||
User impact: kernels may fail to load modules at all when
|
||||
CONFIG_MODVERSIONS=y.
|
||||
|
||||
Signed-off-by: Adam Borowski <kilobyte@angband.pl>
|
||||
Tested-by: Kalle Valo <kvalo@codeaurora.org>
|
||||
Acked-by: Nicholas Piggin <npiggin@gmail.com>
|
||||
Tested-by: Peter Wu <peter@lekensteyn.nl>
|
||||
Tested-by: Oliver Hartkopp <socketcan@hartkopp.net>
|
||||
---
|
||||
arch/x86/include/asm/asm-prototypes.h | 12 ++++++++++++
|
||||
include/asm-generic/asm-prototypes.h | 7 +++++++
|
||||
2 files changed, 19 insertions(+)
|
||||
create mode 100644 arch/x86/include/asm/asm-prototypes.h
|
||||
create mode 100644 include/asm-generic/asm-prototypes.h
|
||||
|
||||
diff --git a/arch/x86/include/asm/asm-prototypes.h b/arch/x86/include/asm/asm-prototypes.h
|
||||
new file mode 100644
|
||||
index 000000000000..ae87224df613
|
||||
--- /dev/null
|
||||
+++ b/arch/x86/include/asm/asm-prototypes.h
|
||||
@@ -0,0 +1,12 @@
|
||||
+#include <asm/ftrace.h>
|
||||
+#include <asm/uaccess.h>
|
||||
+#include <asm/string.h>
|
||||
+#include <asm/page.h>
|
||||
+#include <asm/checksum.h>
|
||||
+
|
||||
+#include <asm-generic/asm-prototypes.h>
|
||||
+
|
||||
+#include <asm/page.h>
|
||||
+#include <asm/pgtable.h>
|
||||
+#include <asm/special_insns.h>
|
||||
+#include <asm/preempt.h>
|
||||
diff --git a/include/asm-generic/asm-prototypes.h b/include/asm-generic/asm-prototypes.h
|
||||
new file mode 100644
|
||||
index 000000000000..df13637e4017
|
||||
--- /dev/null
|
||||
+++ b/include/asm-generic/asm-prototypes.h
|
||||
@@ -0,0 +1,7 @@
|
||||
+#include <linux/bitops.h>
|
||||
+extern void *__memset(void *, int, __kernel_size_t);
|
||||
+extern void *__memcpy(void *, const void *, __kernel_size_t);
|
||||
+extern void *__memmove(void *, const void *, __kernel_size_t);
|
||||
+extern void *memset(void *, int, __kernel_size_t);
|
||||
+extern void *memcpy(void *, const void *, __kernel_size_t);
|
||||
+extern void *memmove(void *, const void *, __kernel_size_t);
|
|
@ -93,7 +93,6 @@ features/all/securelevel/arm64-efi-disable-secure-boot-if-shim-is-in-insecure.pa
|
|||
features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.patch
|
||||
|
||||
# Security fixes
|
||||
bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch
|
||||
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
||||
|
||||
# Fix exported symbol versions
|
||||
|
@ -102,7 +101,6 @@ bugfix/sparc/revert-sparc-move-exports-to-definitions.patch
|
|||
bugfix/s390/revert-s390-move-exports-to-definitions.patch
|
||||
bugfix/m68k/revert-m68k-move-exports-to-definitions.patch
|
||||
bugfix/alpha/revert-alpha-move-exports-to-actual-definitions.patch
|
||||
bugfix/x86/x86-kbuild-enable-modversions-for-symbols-exported-f.patch
|
||||
bugfix/powerpc/powerpc-remove-mac-on-linux-hooks.patch
|
||||
bugfix/powerpc/powerpc-fix-missing-crcs-add-yet-more-asm-prototypes.patch
|
||||
bugfix/all/module-disable-matching-missing-version-crc.patch
|
||||
|
|
Loading…
Reference in New Issue