authorTom Marshall <tdm.code@gmail.com>2017-01-25 18:01:03 +0100
committerDavide Garberi <dade.garberi@gmail.com>2019-03-23 19:29:23 +0100
commite8cb49ac364dd109949ccbffbf1f9df55a9903dd (patch)
treeeb3e72210fcb489ff9600623d865dbf9572282ea /kernel
parent444a015e0c62c518e79baeeabbbb18fed7207564 (diff)
kernel: Only expose su when daemon is running
It has been claimed that the PG implementation of 'su' has security vulnerabilities even when disabled. Unfortunately, the people who find these vulnerabilities often like to keep them private so they can profit from exploits while leaving users exposed to malicious hackers. In order to reduce the attack surface for vulnerabilities, it is therefore necessary to make 'su' completely inaccessible when it is not in use (except by the root and system users). Change-Id: I79716c72f74d0b7af34ec3a8054896c6559a181d Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/exit.c4
-rw-r--r--kernel/fork.c1
-rw-r--r--kernel/sched/core.c32
3 files changed, 37 insertions, 0 deletions
diff --git a/kernel/exit.c b/kernel/exit.c
index 8e288e8e9ca3..0dd392dd94e9 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -725,6 +725,10 @@ void do_exit(long code)
sched_exit(tsk);
schedtune_exit_task(tsk);
+ if (tsk->flags & PF_SU) {
+ su_exit();
+ }
+
/*
* tsk->flags are checked in the futex code to protect against
* an exiting task cleaning up the robust pi futexes.
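Review bot: The decrement in do_exit() is only correct if PF_SU is set exactly once for each su_exec() call, and nothing in this hunk records that pairing. A short comment above the test would do it, for example `/* Balance the su_exec() that marked this task; see su_visible() in kernel/sched/core.c. */`. Kernel coding style also omits braces around a single statement, so the test can read `if (tsk->flags & PF_SU)` followed by `su_exit();`. The body of do_exit() starts and ends outside the hunk.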
diff --git a/kernel/fork.c b/kernel/fork.c
index 25d0a60d166c..b14c2b3a59fc 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -360,6 +360,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig, int node)
if (err)
goto free_stack;
+ tsk->flags &= ~PF_SU;
tsk->stack = stack;
err = kaiser_map_thread_stack(tsk->stack);
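Review bot: The added `tsk->flags &= ~PF_SU;` carries no comment, and its reason is not obvious from dup_task_struct() alone: a child that inherited the flag would call su_exit() from its own do_exit() without a matching su_exec(), and the instance count would drop too far. I would add `/* PF_SU is per-task: only the task that called su_exec() may call su_exit(). */` above the line. Other PF_ bits are, as far as I know, reset in copy_flags() in this file, which may be a more natural home; that function is outside the hunk, so this needs confirming. dup_task_struct() continues past the hunk on both sides.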
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 6b9021b9bc26..765749768b93 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -98,6 +98,38 @@
#define CREATE_TRACE_POINTS
#include <trace/events/sched.h>
+static atomic_t __su_instances;
+
+int su_instances(void)
+{
+ return atomic_read(&__su_instances);
+}
+
+bool su_running(void)
+{
+ return su_instances() > 0;
+}
+
+bool su_visible(void)
+{
+ kuid_t uid = current_uid();
+ if (su_running())
+ return true;
+ if (uid_eq(uid, GLOBAL_ROOT_UID) || uid_eq(uid, GLOBAL_SYSTEM_UID))
+ return true;
+ return false;
+}
+
+void su_exec(void)
+{
+ atomic_inc(&__su_instances);
+}
+
+void su_exit(void)
+{
+ atomic_dec(&__su_instances);
+}
+
ATOMIC_NOTIFIER_HEAD(load_alert_notifier_head);
DEFINE_MUTEX(sched_domains_mutex);
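Review bot: su_exec() increments __su_instances but does not set PF_SU in the lines shown, so the counter and the flag that triggers su_exit() are maintained in separate places and can drift apart. A count left above zero makes su_visible() return true for every uid indefinitely, which undoes the hardening, and atomic_dec() in su_exit() has no floor, so an unmatched exit pushes the count negative. If the call site does not already guard this, su_exec() could own the flag: `if (current->flags & PF_SU) return;` then `current->flags |= PF_SU;` before `atomic_inc(&__su_instances);`. su_visible() also deserves a comment stating that while any instance is running, su is visible to all users and not only to root and system.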