APPLIED: [PATCH 0/1][SRU][B/D] CVE-2019-13272: ptrace privilege escalation

Khaled Elmously khalid.elmously at canonical.com
Fri Jul 19 02:44:31 UTC 2019


On 2019-07-18 22:22:58, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13272.html
> 
>  In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c
>  mishandles the recording of the credentials of a process that wants to
>  create a ptrace relationship, which allows local users to obtain root
>  access by leveraging certain scenarios with a parent-child process
>  relationship, where a parent drops privileges and calls execve
>  (potentially allowing control by an attacker). One contributing factor
>  is an object lifetime issue (which can also cause a panic). Another
>  contributing factor is incorrect marking of a ptrace relationship as
>  privileged, which is exploitable through (for example) Polkit's pkexec
>  helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable
>  workaround in some environments.
> 
> Clean cherry pick. I've modified the PoC in the Project Zero bug report
> to work on Ubuntu and verified that the fix does prevent the PoC from
> working. I also successfully ran the AppArmor ptrace regression tests to
> verify that there are no unexpected changes in the AppArmor ptrace
> mediation.
> 
> Tyler
> 
> Jann Horn (1):
>   ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
> 
>  kernel/ptrace.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> -- 
> 2.7.4
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team


