[PATCH 15/24] net: Check the correct namespace when spoofing pid over SCM_RIGHTS
Kamal Mostafa
kamal at canonical.com
Mon Sep 9 18:45:05 UTC 2013
3.8.13.9 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Lutomirski <luto at amacapital.net>
commit d661684cf6820331feae71146c35da83d794467e upstream.
This is a security bug.
The follow-up will fix nsproxy to discourage this type of issue from
happening again.
Signed-off-by: Andy Lutomirski <luto at amacapital.net>
Reviewed-by: "Eric W. Biederman" <ebiederm at xmission.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
net/core/scm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/scm.c b/net/core/scm.c
index 2dc6cda..7b6d0d9 100644
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -54,7 +54,7 @@ static __inline__ int scm_check_creds(struct ucred *creds)
return -EINVAL;
if ((creds->pid == task_tgid_vnr(current) ||
- ns_capable(current->nsproxy->pid_ns->user_ns, CAP_SYS_ADMIN)) &&
+ ns_capable(task_active_pid_ns(current)->user_ns, CAP_SYS_ADMIN)) &&
((uid_eq(uid, cred->uid) || uid_eq(uid, cred->euid) ||
uid_eq(uid, cred->suid)) || nsown_capable(CAP_SETUID)) &&
((gid_eq(gid, cred->gid) || gid_eq(gid, cred->egid) ||
--
1.8.1.2
More information about the kernel-team
mailing list