[Kernel] Re: [PATCH OpenHarmony-5.10 09/18] cgroup: Use open-time credentials for process migraton perm checks

在 2022/1/24 9:03, yiyuchangchun@126.com 写道:

From: Tejun Heo

mainline inclusion from mainline commit 1756d7994ad85c2479af6ae5a9750b92324685af issue: #I4RVJ4 CVE: CVE-2021-4197

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...

Signed-off-by: Yu Changchun --------------------------------

cgroup process migration permission checks are performed at write time as whether a given operation is allowed or not is dependent on the content of the write - the PID. This currently uses current's credentials which is a potential security weakness as it may allow scenarios where a less privileged process tricks a more privileged one into writing into a fd that it created.

This patch makes both cgroup2 and cgroup1 process migration interfaces to use the credentials saved at the time of open (file->f_cred) instead of current's.

Reported-by: "Eric W. Biederman" Suggested-by: Linus Torvalds Fixes: 187fe84067bd ("cgroup: require write perm on common ancestor when moving processes on the default hierarchy") Reviewed-by: Michal Koutný Signed-off-by: Tejun Heo Conflict: kernel/cgroup/cgroup-v1.c Signed-off-by: Lu Jialin Signed-off-by: Zheng Zengkai Signed-off-by: Yu Changchun --- kernel/cgroup/cgroup-v1.c | 7 ++++--- kernel/cgroup/cgroup.c | 9 ++++++++- 2 files changed, 12 insertions(+), 4 deletions(-)

Reviewed-by: Wei Yongjun