[PATCH 0/1][SRU][B/D] CVE-2019-13272: ptrace privilege escalation
Tyler Hicks
tyhicks at canonical.com
Thu Jul 18 22:22:58 UTC 2019

https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13272.html

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c
mishandles the recording of the credentials of a process that wants to
create a ptrace relationship, which allows local users to obtain root
access by leveraging certain scenarios with a parent-child process
relationship, where a parent drops privileges and calls execve
(potentially allowing control by an attacker). One contributing factor
is an object lifetime issue (which can also cause a panic). Another
contributing factor is incorrect marking of a ptrace relationship as
privileged, which is exploitable through (for example) Polkit's pkexec
helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable
workaround in some environments.

Clean cherry pick. I've modified the PoC in the Project Zero bug report
to work on Ubuntu and verified that the fix does prevent the PoC from
working. I also successfully ran the AppArmor ptrace regression tests to
verify that there are no unexpected changes in the AppArmor ptrace
mediation.

Tyler

Jann Horn (1):
  ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME

 kernel/ptrace.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

--
2.7.4