From: Andrew Morton on 20 May 2010 15:50

On Mon, 17 May 2010 21:54:14 +0200 Oleg Nesterov <oleg(a)redhat.com> wrote:

> Andrew Tridgell reports that aio_read(SIGEV_SIGNAL) can fail if the
> notification from the helper thread races with setresuid(), see
> http://samba.org/~tridge/junkcode/aio_uid.c
>
> This happens because check_kill_permission() doesn't allow to send
> a signal to the task with the different cred->xids. But there is no
> security reason to check ->cred's when the task sends a signal
> (private or group-wide) to its sub-thread. Whatever we do, any thread
> can bypass all security checks and send SIGKILL to all threads, or
> it can block a signal SIG and do kill(gettid(), SIG) to deliver this
> signal to another sub-thread. Not to mention that CLONE_THREAD implies
> CLONE_VM.
>
> Change check_kill_permission() to avoid the credentials check when
> the sender and the target are from the same thread group.
>
> Also, move "cred = current_cred()" down to avoid calling get_current()
> twice.
>
> Note: David Howells pointed out we could relax this even more, the
> CLONE_SIGHAND (without CLONE_THREAD) case probably does not need
> these checks too.

So... which kernel(s) do we think this fix should be merged into?

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

From: Roland McGrath on 20 May 2010 16:10

> So... which kernel(s) do we think this fix should be merged into?

I'd say all. The glibc (libpthread) that does set*id across threads has
been in use for a while (2.3.4?), probably in distros using kernels as old
or older than any active -stable streams. In the race in question, this
kernel bug is breaking valid POSIX application expectations.

Thanks,
Roland
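
The race and the fix described in the quoted commit message, as an added user-space model (not code from the thread and not the kernel's own): the structs, function names and uid values are constructed for illustration, and the model covers only the uid comparison documented for kill(2) plus the same-thread-group shortcut, omitting the kernel's other checks.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model types; the kernel's task_struct and cred are far larger. */
struct cred_model { unsigned uid, euid, suid; };
struct task_model {
    int tgid;               /* shared by all CLONE_THREAD siblings */
    struct cred_model cred; /* credentials are per thread, so siblings can differ */
    bool cap_kill;          /* models CAP_KILL */
};

static struct task_model mk_task(int tgid, unsigned id, bool cap_kill)
{
    struct task_model t = { tgid, { id, id, id }, cap_kill };
    return t;
}

/* kill(2) rule: the sender's real or effective uid must equal the target's
 * real or saved uid, unless the sender holds CAP_KILL. */
static bool creds_allow(const struct task_model *s, const struct task_model *t)
{
    return s->cap_kill ||
           s->cred.euid == t->cred.suid || s->cred.euid == t->cred.uid ||
           s->cred.uid == t->cred.suid || s->cred.uid == t->cred.uid;
}

/* Before the change: credentials are compared even between sibling threads. */
static bool may_signal_before(const struct task_model *s, const struct task_model *t)
{
    return creds_allow(s, t);
}

/* After the change: same thread group skips the credentials comparison. */
static bool may_signal_after(const struct task_model *s, const struct task_model *t)
{
    return s->tgid == t->tgid || creds_allow(s, t);
}

int main(void)
{
    /* Mid-setresuid(): the helper thread has already dropped to uid 1000,
     * while the thread that should receive the AIO signal is still uid 0. */
    struct task_model helper = mk_task(100, 1000, false);
    struct task_model waiter = mk_task(100, 0, true);
    struct task_model other  = mk_task(200, 1000, false); /* unrelated process */

    printf("sibling, before fix: %d\n", may_signal_before(&helper, &waiter));
    printf("sibling, after fix:  %d\n", may_signal_after(&helper, &waiter));
    printf("other process, after fix: %d\n", may_signal_after(&other, &waiter));
    return 0;
}
```

The third case shows that the shortcut does not widen what an unrelated process with the same uid can do; only threads sharing a thread group are exempt.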