| author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-04-04 08:35:24 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-04-04 08:35:24 +0200 |
| commit | e1676b55d874a43646e8b2c46d87f2f3e45516ff (patch) | |
| tree | edace34de9ac517129203cbe252f9e4fe8a739ca | |
| parent | a5b5352558f6808db0589644ea5401b3e3148a0d (diff) | |
4.4-stable patches
added patches:
binfmt_elf-switch-to-new-creds-when-switching-to-new-mm.patch
| -rw-r--r-- | queue-4.4/binfmt_elf-switch-to-new-creds-when-switching-to-new-mm.patch | 57 | ||||
| -rw-r--r-- | queue-4.4/series | 1 |
2 files changed, 58 insertions, 0 deletions
diff --git a/queue-4.4/binfmt_elf-switch-to-new-creds-when-switching-to-new-mm.patch b/queue-4.4/binfmt_elf-switch-to-new-creds-when-switching-to-new-mm.patch
new file mode 100644
index 0000000000..79c55dd629
--- /dev/null
+++ b/queue-4.4/binfmt_elf-switch-to-new-creds-when-switching-to-new-mm.patch
@@ -0,0 +1,57 @@
+From 9f834ec18defc369d73ccf9e87a2790bfa05bf46 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Mon, 22 Aug 2016 16:41:46 -0700
+Subject: binfmt_elf: switch to new creds when switching to new mm
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit 9f834ec18defc369d73ccf9e87a2790bfa05bf46 upstream.
+
+We used to delay switching to the new credentials until after we had
+mapped the executable (and possible elf interpreter). That was kind of
+odd to begin with, since the new executable will actually then _run_
+with the new creds, but whatever.
+
+The bigger problem was that we also want to make sure that we turn off
+prof events and tracing before we start mapping the new executable
+state. So while this is a cleanup, it's also a fix for a possible
+information leak.
+
+Reported-by: Robert Święcki <robert@swiecki.net>
+Tested-by: Peter Zijlstra <peterz@infradead.org>
+Acked-by: David Howells <dhowells@redhat.com>
+Acked-by: Oleg Nesterov <oleg@redhat.com>
+Acked-by: Andy Lutomirski <luto@amacapital.net>
+Acked-by: Eric W. Biederman <ebiederm@xmission.com>
+Cc: Willy Tarreau <w@1wt.eu>
+Cc: Kees Cook <keescook@chromium.org>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Federico Manuel Bento <up201407890@fc.up.pt>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/binfmt_elf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/binfmt_elf.c
++++ b/fs/binfmt_elf.c
+@@ -850,6 +850,7 @@ static int load_elf_binary(struct linux_
+ current->flags |= PF_RANDOMIZE;
+
+ setup_new_exec(bprm);
++ install_exec_creds(bprm);
+
+ /* Do this so that we can load the interpreter, if need be. We will
+ change some of these later */
+@@ -1084,7 +1085,6 @@ static int load_elf_binary(struct linux_
+ goto out;
+ #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
+
+- install_exec_creds(bprm);
+ retval = create_elf_tables(bprm, &loc->elf_ex,
+ load_addr, interp_load_addr);
+ if (retval < 0)
diff --git a/queue-4.4/series b/queue-4.4/series
index f7dad6b694..ea1884e7f9 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -66,3 +66,4 @@ wlcore-fix-memory-leak-in-case-wl12xx_fetch_firmware.patch
 x86-build-mark-per-cpu-symbols-as-absolute-explicitl.patch
 dmaengine-tegra-avoid-overflow-of-byte-tracking.patch
 drm-dp-mst-configure-no_stop_bit-correctly-for-remot.patch
+binfmt_elf-switch-to-new-creds-when-switching-to-new-mm.patch |
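Review bot: The relocated `install_exec_creds(bprm);` directly after `setup_new_exec(bprm);` in the queued fs/binfmt_elf.c change carries a security-relevant ordering requirement that nothing in the code records. Per the commit message, the credential switch has to happen before the executable and interpreter are mapped, so that perf events and tracing are turned off first. I would add a comment above the call, for example `/* Install the new creds before mapping anything: perf events and tracing must be off before the new image's state is visible. */`, so a later cleanup does not move it back down next to `create_elf_tables()`. The body of `load_elf_binary()` lies mostly outside both hunks, so it is worth confirming on the 4.4 tree that the failure paths between the old and new call sites (such as the `goto out` visible in the second hunk) behave correctly now that they run with the new credentials already installed.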
