[PATCH 0/1] v2: CVE-2015-1350

Khalid Elmously khalid.elmously at canonical.com
Tue Dec 12 19:04:53 UTC 2017


CVE-2015-1350

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of
requirements for setattr operations that underspecifies removing extended
privilege attributes, which allows local users to cause a denial of service
(capability stripping) via a failed invocation of a system call, as
demonstrated by using chown to remove a capability from the ping or
Wireshark dumpcap program.
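The practical symptom of this bug on an affected kernel is a setuid-less helper such as ping or dumpcap silently losing its file capabilities after a failed chown. A cheap operational check is to record a `getcap -r` baseline and diff it against a later snapshot. The script below is an added example written for this note, not code from the patch or the kernel tree; the two listings are constructed sample data, and the function name `capability_drift` is hypothetical. It accepts both the older `path = caps` and the newer `path caps` output formats of getcap.

```shell
#!/bin/sh
# Added example: report binaries whose file capabilities were stripped or changed
# relative to a recorded baseline. Not part of the kernel patch.

# Constructed sample of `getcap -r /usr/bin` output recorded before the incident.
BASELINE='/usr/bin/ping = cap_net_raw+ep
/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip
/usr/bin/traceroute6.iputils = cap_net_raw+ep'

# Constructed snapshot taken afterwards: ping lost its capability entirely,
# dumpcap's set shrank, traceroute6 is unchanged.
CURRENT='/usr/bin/dumpcap = cap_net_raw+eip
/usr/bin/traceroute6.iputils = cap_net_raw+ep'

# capability_drift BASELINE_TEXT CURRENT_TEXT
# Prints one sorted line per baseline path that is missing or differs:
#   "<path> STRIPPED <baseline caps>"
#   "<path> CHANGED <baseline caps> -> <current caps>"
# Paths present only in the current snapshot are ignored (new binaries are not drift).
capability_drift() {
    awk -v base="$1" -v cur="$2" '
    # Fill caps[which, path] = capability string from one getcap listing.
    # The last field is the capability set in both "path = caps" and "path caps".
    function parse(text, which,   n, lines, i, f, nf) {
        n = split(text, lines, "\n")
        for (i = 1; i <= n; i++) {
            nf = split(lines[i], f, " ")
            if (nf >= 2) {
                caps[which, f[1]] = f[nf]
                if (which == "b") paths[f[1]] = 1
            }
        }
    }
    BEGIN {
        parse(base, "b")
        parse(cur, "c")
        for (p in paths) {
            if (!(("c", p) in caps))
                print p " STRIPPED " caps["b", p]
            else if (caps["b", p] != caps["c", p])
                print p " CHANGED " caps["b", p] " -> " caps["c", p]
        }
    }' | sort
}

# Stand-alone run over the constructed sample.
capability_drift "$BASELINE" "$CURRENT"
```

On a real host the same function can be fed a stored baseline and a live snapshot, for example `capability_drift "$(cat /var/lib/caps-baseline.txt)" "$(getcap -r /usr/bin 2>/dev/null)"`; an empty result means no capability was stripped or altered since the baseline was taken.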


This fix brings in the 'spirit' of 030b533c4fd4d2ec3402363323de4bb2983c9cee without the refactoring that was first done upstream. The more complete solution would also include these upstream commits (in order):

69bca80744eef58fa155e8042996b968fec17b26	xfs: Propagate dentry down to inode_change_ok()
5955102c9984fa081b2d570cfac75c97eecf8f3b	wrappers for ->i_mutex access
b296821a7c42fa58baa17513b2b7b30ae66f3336	xattr_handler: pass dentry and inode as separate arguments of ->get()
ce23e640133484eebc20ca7b7668388213e11327	->getxattr(): pass dentry and inode as separate arguments
a26feccaba296bd0ae410eabce79cb3443c8a701	ceph: Get rid of d_find_alias in ceph_set_acl
fd5472ed44683cf593322a2ef54b9a7675dc780a	ceph: Propagate dentry down to inode_change_ok()
62490330769c1ce5dcba3f1f3e8f4005e9b797e6	fuse: Propagate dentry down to inode_change_ok()
31051c85b5e2aaaf6315f74c72a732673632a905	fs: Give dentry to inode_change_ok() instead of inode


Jan Kara (1):
  fs: Avoid premature clearing of capabilities

 fs/attr.c | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

-- 
2.14.1