lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
d049f74f2d
linux-kernel-test/arch/ia64/include/asm
History
Kees Cook d049f74f2d exec/ptrace: fix get_dumpable() incorrect tests 
The get_dumpable() return value is not boolean.  Most users of the
function actually want to be testing for non-SUID_DUMP_USER(1) rather than
SUID_DUMP_DISABLE(0).  The SUID_DUMP_ROOT(2) is also considered a
protected state.  Almost all places did this correctly, excepting the two
places fixed in this patch.

Wrong logic:
    if (dumpable == SUID_DUMP_DISABLE) { /* be protective */ }
        or
    if (dumpable == 0) { /* be protective */ }
        or
    if (!dumpable) { /* be protective */ }

Correct logic:
    if (dumpable != SUID_DUMP_USER) { /* be protective */ }
        or
    if (dumpable != 1) { /* be protective */ }

Without this patch, if the system had set the sysctl fs/suid_dumpable=2, a
user was able to ptrace attach to processes that had dropped privileges to
that user.  (This may have been partially mitigated if Yama was enabled.)

The macros have been moved into the file that declares get/set_dumpable(),
which means things like the ia64 code can see them too.

CVE-2013-2929

Reported-by: Vasily Kulikov <segoon@openwall.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: "Luck, Tony" <tony.luck@intel.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-11-13 12:09:33 +09:00
..
native ia64/pv_ops: paravirtualize gate.S. 2009-03-26 11:01:46 -07:00
sn Disintegrate asm/system.h for IA64 2012-03-28 18:30:02 +01:00
uv Disintegrate asm/system.h for IA64 2012-03-28 18:30:02 +01:00
xen cputime: Generic on-demand virtual cputime accounting 2013-01-27 19:23:27 +01:00
acpi-ext.h
acpi.h ACPICA: Update compilation environment settings. 2013-01-10 12:36:17 +01:00
agp.h agp: kill phys_to_gart() and gart_to_phys() 2009-08-03 09:05:00 +01:00
asm-offsets.h kbuild: move asm-offsets.h to include/generated 2009-12-12 13:08:14 +01:00
asmmacro.h Rename .data..patch.XXX to .data..patch.XXX. 2010-03-03 11:25:59 +01:00
atomic.h [IA64] Redefine ATOMIC_INIT and ATOMIC64_INIT to drop the casts 2012-07-26 10:55:26 -07:00
barrier.h Disintegrate asm/system.h for IA64 2012-03-28 18:30:02 +01:00
bitops.h [IA64] Use asm-generic/bitops/builtin-ffs.h 2013-08-26 14:22:58 -07:00
bug.h
bugs.h
cache.h Rename .data.read_mostly to .data..read_mostly. 2010-03-03 11:26:00 +01:00
cacheflush.h block: add helpers to run flush_dcache_page() against a bio and a request's pages 2009-11-26 09:16:19 +01:00
checksum.h
clocksource.h clocksource: Change __ARCH_HAS_CLOCKSOURCE_DATA to a CONFIG option 2011-07-21 13:34:05 -07:00
cpu.h
cputime.h cputime: Generic on-demand virtual cputime accounting 2013-01-27 19:23:27 +01:00
current.h
cyclone.h
delay.h
device.h driver core / ACPI: Move ACPI support to core device and driver types 2012-11-15 00:28:00 +01:00
div64.h
dma-mapping.h ia64: dma_debug: add debug_dma_mapping_error support 2012-11-28 15:28:58 +01:00
dma.h
dmi.h [IA64] dmi.h: Make dmi_alloc use kzalloc 2013-08-19 10:24:01 -07:00
elf.h default SET_PERSONALITY() in linux/elf.h 2013-02-26 02:46:08 -05:00
emergency-restart.h
esi.h
fb.h
fpswa.h
ftrace.h [IA64] sanity in #include files. Move fnptr to types.h 2010-01-06 15:52:35 -08:00
futex.h Wrong asm register contraints in the futex implementation 2013-03-19 16:14:53 -07:00
gcc_intrin.h UAPI: (Scripted) Disintegrate arch/ia64/include/asm 2012-10-09 09:47:00 +01:00
gpio.h gpiolib/arches: Centralise bolierplate asm/gpio.h 2012-05-11 18:00:14 -06:00
hardirq.h [IA64] Move local_softirq_pending() definition 2010-10-19 13:31:11 +02:00
hpsim.h hpsim, initialize chip for assigned irqs 2012-03-08 12:26:30 -08:00
hugetlb.h mm/hugetlb: add more arch-defined huge_pte functions 2013-04-29 15:54:33 -07:00
hw_irq.h ia64: Remove redundant declaration of irq_desc[] 2011-03-29 14:48:05 +02:00
idle.h [IA64] xen_domu_defconfig: fix build issues/warnings 2009-05-05 11:43:13 -07:00
intrinsics.h UAPI: (Scripted) Disintegrate arch/ia64/include/asm 2012-10-09 09:47:00 +01:00
io.h ia64: add early_memremap() alias for early_ioremap() 2013-09-05 13:29:28 +01:00
iommu_table.h ia64, iommu: Add a dummy iommu_table.h file in IA64. 2010-10-08 13:11:11 -07:00
iommu.h iommu: Remove group_mf 2012-06-25 13:48:30 +02:00
iosapic.h IA64: drivers: remove __dev* attributes. 2013-01-03 15:57:13 -08:00
irq_regs.h
irq_remapping.h iommu: rename intr_remapping.[ch] to irq_remapping.[ch] 2012-05-07 14:35:00 +02:00
irq.h ia64: move nr-irqs.h to include/generated 2009-12-12 13:08:14 +01:00
irqflags.h [IA64] Fix include dependency in asm/irqflags.h 2013-06-17 13:39:52 -07:00
Kbuild sched, arch: Create asm/preempt.h 2013-09-25 14:07:50 +02:00
kdebug.h
kexec.h Disintegrate asm/system.h for IA64 2012-03-28 18:30:02 +01:00
kmap_types.h kmap_types: make most arches use generic header file 2009-06-16 19:47:51 -07:00
kprobes.h [IA64] sanity in #include files. Move fnptr to types.h 2010-01-06 15:52:35 -08:00
kregs.h
kvm_host.h KVM: IA64: Carry non-ia64 changes into ia64 2013-04-26 20:27:27 +02:00
libata-portmap.h
linkage.h consolidate cond_syscall and SYSCALL_ALIAS declarations 2013-03-03 22:55:19 -05:00
local64.h arch: Implement local64_t 2010-06-09 11:12:36 +02:00
local.h
machvec_dig_vtd.h [IA64] Rename platform_name to ia64_platform_name 2012-07-25 11:47:16 -07:00
machvec_dig.h [IA64] Rename platform_name to ia64_platform_name 2012-07-25 11:47:16 -07:00
machvec_hpsim.h [IA64] Rename platform_name to ia64_platform_name 2012-07-25 11:47:16 -07:00
machvec_hpzx1_swiotlb.h [IA64] Rename platform_name to ia64_platform_name 2012-07-25 11:47:16 -07:00
machvec_hpzx1.h [IA64] Rename platform_name to ia64_platform_name 2012-07-25 11:47:16 -07:00
machvec_init.h
machvec_sn2.h [IA64] Rename platform_name to ia64_platform_name 2012-07-25 11:47:16 -07:00
machvec_uv.h [IA64] Rename platform_name to ia64_platform_name 2012-07-25 11:47:16 -07:00
machvec_xen.h [IA64] Rename platform_name to ia64_platform_name 2012-07-25 11:47:16 -07:00
machvec.h [IA64] Rename platform_name to ia64_platform_name 2012-07-25 11:47:16 -07:00
mc146818rtc.h
mca_asm.h Disintegrate asm/system.h for IA64 2012-03-28 18:30:02 +01:00
mca.h Fix initialization of CMCI/CMCP interrupts 2013-04-02 09:37:06 -07:00
meminit.h ia64: don't alias VMALLOC_END to vmalloc_end 2009-10-02 13:28:55 +09:00
mman.h UAPI: (Scripted) Disintegrate arch/ia64/include/asm 2012-10-09 09:47:00 +01:00
mmu_context.h cpumask: use mm_cpumask() wrapper: ia64 2009-03-16 14:12:48 +10:30
mmu.h
mmzone.h [IA64] removing redundant ifdef 2010-05-18 14:45:52 -07:00
module.h Make most arch asm/module.h files use asm-generic/module.h 2012-09-28 14:31:03 +09:30
msidef.h ia64: Move the macro definitions related to MSI to one header file. 2009-03-24 11:03:12 +02:00
mutex.h arch: Make __mutex_fastpath_lock_retval return whether fastpath succeeded or not 2013-06-26 12:10:55 +02:00
nodedata.h
numa.h Fix build error for numa_clear_node() under IA64 2013-04-02 09:39:48 -07:00
page.h Disintegrate asm/system.h for IA64 2012-03-28 18:30:02 +01:00
pal.h Fix common misspellings 2011-03-31 11:26:23 -03:00
param.h UAPI: (Scripted) Disintegrate arch/ia64/include/asm 2012-10-09 09:47:00 +01:00
paravirt_patch.h ia64/pv_op/binarypatch: add helper functions to support binary patching for paravirt_ops. 2009-03-26 11:02:31 -07:00
paravirt_privop.h [IA64] fix allmodconfig compilation breakage. 2009-04-20 09:46:29 -07:00
paravirt.h static keys: Introduce 'struct static_key', static_key_true()/false() and static_key_slow_[inc|dec]() 2012-02-24 10:05:59 +01:00
parport.h IA64: drivers: remove __dev* attributes. 2013-01-03 15:57:13 -08:00
patch.h
pci.h PCI/IA64: fix memleak for create pci root bus fail 2013-06-18 09:46:22 -07:00
percpu.h Merge branch 'for-35' of git://repo.or.cz/linux-kbuild 2010-06-01 08:55:52 -07:00
perfmon.h UAPI: (Scripted) Disintegrate arch/ia64/include/asm 2012-10-09 09:47:00 +01:00
pgalloc.h mm: Pass virtual address to [__]p{te,ud,md}_free_tlb() 2009-07-27 12:10:38 -07:00
pgtable.h consolidate io_remap_pfn_range definitions 2013-06-29 12:46:35 +04:00
processor.h exec/ptrace: fix get_dumpable() incorrect tests 2013-11-13 12:09:33 +09:00
ptrace.h new helper: current_user_stack_pointer() 2012-12-19 18:07:39 -05:00
pvclock-abi.h
rwsem.h rwsem: Move duplicate function prototypes to linux/rwsem.h 2011-01-27 12:30:39 +01:00
sal.h Disintegrate asm/system.h for IA64 2012-03-28 18:30:02 +01:00
scatterlist.h remove needless ISA_DMA_THRESHOLD 2010-08-07 18:15:50 +02:00
sections.h
segment.h
serial.h
shmparam.h
siginfo.h UAPI: (Scripted) Disintegrate arch/ia64/include/asm 2012-10-09 09:47:00 +01:00
signal.h consolidate kernel-side struct sigaction declarations 2013-02-03 15:09:22 -05:00
smp.h IA64: drivers: remove __dev* attributes. 2013-01-03 15:57:13 -08:00
sparsemem.h
spinlock_types.h locking: Convert raw_rwlock to arch_rwlock 2009-12-14 23:55:32 +01:00
spinlock.h lockref: Implement lockref for Itanium 2013-09-04 17:18:56 -07:00
string.h
swiotlb.h swiotlb: Remove duplicate swiotlb_force extern declarations 2009-11-15 09:03:10 +01:00
switch_to.h cputime: Consolidate vtime handling on context switch 2012-08-20 13:05:28 +02:00
sync_bitops.h
syscall.h [IA64] Remove COMPAT_IA32 support 2010-02-08 10:42:17 -08:00
termios.h UAPI: (Scripted) Disintegrate arch/ia64/include/asm 2012-10-09 09:47:00 +01:00
thread_info.h arch: Consolidate tsk_is_polling() 2013-04-08 17:39:22 +02:00
timex.h ia64/pv_ops/pv_time_ops: add sched_clock hook. 2009-03-26 10:50:42 -07:00
tlb.h Fix TLB gather virtual address range invalidation corner cases 2013-08-16 08:52:46 -07:00
tlbflush.h
topology.h sched/numa: Rewrite the CONFIG_NUMA sched domain support 2012-05-09 15:00:55 +02:00
types.h UAPI: (Scripted) Disintegrate arch/ia64/include/asm 2012-10-09 09:47:00 +01:00
uaccess.h
unaligned.h
uncached.h
unistd.h consolidate cond_syscall and SYSCALL_ALIAS declarations 2013-03-03 22:55:19 -05:00
unwind.h
user.h
ustack.h UAPI: (Scripted) Disintegrate arch/ia64/include/asm 2012-10-09 09:47:00 +01:00
vga.h
xor.h