From patchwork Wed May 1 23:35:16 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Luis Henriques X-Patchwork-Id: 240860 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) by ozlabs.org (Postfix) with ESMTP id BEF2D2C00EF for ; Thu, 2 May 2013 09:35:49 +1000 (EST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.76) (envelope-from ) id 1UXgYp-0000oT-Pk; Wed, 01 May 2013 23:35:43 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtp (Exim 4.76) (envelope-from ) id 1UXgYR-0000ao-UN for kernel-team@lists.ubuntu.com; Wed, 01 May 2013 23:35:19 +0000 Received: from [206.15.84.130] (helo=localhost) by youngberry.canonical.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1UXgYQ-0002zG-Ip; Wed, 01 May 2013 23:35:19 +0000 From: Luis Henriques To: Linus Torvalds Subject: [ 3.5.y.z extended stable ] Patch "net: fix incorrect credentials passing" has been added to staging queue Date: Thu, 2 May 2013 00:35:16 +0100 Message-Id: <1367451316-20489-1-git-send-email-luis.henriques@canonical.com> X-Mailer: git-send-email 1.8.1.2 X-Extended-Stable: 3.5 Cc: stable@vger.kernel.org, Andy Lutomirski , kernel-team@lists.ubuntu.com, "Eric W. Biederman" , "David S. Miller" , "Serge E. Hallyn" X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.14 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: kernel-team-bounces@lists.ubuntu.com This is a note to let you know that I have just added a patch titled net: fix incorrect credentials passing to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree which can be found at: http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue If you, or anyone else, feels it should not be added to this tree, please reply to this email. For more information about the 3.5.y.z tree, see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Thanks. -Luis ------ From 96dccef311064140d618805bb486db23019974e6 Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Fri, 19 Apr 2013 15:32:32 +0000 Subject: [PATCH] net: fix incorrect credentials passing commit 83f1b4ba917db5dc5a061a44b3403ddb6e783494 upstream. Commit 257b5358b32f ("scm: Capture the full credentials of the scm sender") changed the credentials passing code to pass in the effective uid/gid instead of the real uid/gid. Obviously this doesn't matter most of the time (since normally they are the same), but it results in differences for suid binaries when the wrong uid/gid ends up being used. This just undoes that (presumably unintentional) part of the commit. Reported-by: Andy Lutomirski Cc: Eric W. Biederman Cc: Serge E. Hallyn Cc: David S. Miller Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds Acked-by: "Eric W. Biederman" Signed-off-by: David S. Miller [ luis: backport to 3.5 based on davem backport to 3.4 ] Signed-off-by: Luis Henriques --- include/linux/socket.h | 3 ++- include/net/scm.h | 2 +- net/core/sock.c | 14 ++++++++++---- 3 files changed, 13 insertions(+), 6 deletions(-) -- 1.8.1.2 diff --git a/include/linux/socket.h b/include/linux/socket.h index 25d6322..2a32b9d 100644 --- a/include/linux/socket.h +++ b/include/linux/socket.h @@ -316,7 +316,8 @@ struct ucred { /* IPX options */ #define IPX_TYPE 1 -extern void cred_to_ucred(struct pid *pid, const struct cred *cred, struct ucred *ucred); +extern void cred_to_ucred(struct pid *pid, const struct cred *cred, struct ucred *ucred, + bool use_effective); extern int memcpy_fromiovec(unsigned char *kdata, struct iovec *iov, int len); extern int memcpy_fromiovecend(unsigned char *kdata, const struct iovec *iov, diff --git a/include/net/scm.h b/include/net/scm.h index 0c0017c..9f211cf 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -50,7 +50,7 @@ static __inline__ void scm_set_cred(struct scm_cookie *scm, { scm->pid = get_pid(pid); scm->cred = cred ? get_cred(cred) : NULL; - cred_to_ucred(pid, cred, &scm->creds); + cred_to_ucred(pid, cred, &scm->creds, false); } static __inline__ void scm_destroy_cred(struct scm_cookie *scm) diff --git a/net/core/sock.c b/net/core/sock.c index c5f765c..5d30122 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -807,15 +807,20 @@ EXPORT_SYMBOL(sock_setsockopt); void cred_to_ucred(struct pid *pid, const struct cred *cred, - struct ucred *ucred) + struct ucred *ucred, bool use_effective) { ucred->pid = pid_vnr(pid); ucred->uid = ucred->gid = -1; if (cred) { struct user_namespace *current_ns = current_user_ns(); - ucred->uid = from_kuid(current_ns, cred->euid); - ucred->gid = from_kgid(current_ns, cred->egid); + if (use_effective) { + ucred->uid = from_kuid(current_ns, cred->euid); + ucred->gid = from_kgid(current_ns, cred->egid); + } else { + ucred->uid = from_kuid(current_ns, cred->uid); + ucred->gid = from_kgid(current_ns, cred->gid); + } } } EXPORT_SYMBOL_GPL(cred_to_ucred); @@ -976,7 +981,8 @@ int sock_getsockopt(struct socket *sock, int level, int optname, struct ucred peercred; if (len > sizeof(peercred)) len = sizeof(peercred); - cred_to_ucred(sk->sk_peer_pid, sk->sk_peer_cred, &peercred); + cred_to_ucred(sk->sk_peer_pid, sk->sk_peer_cred, + &peercred, true); if (copy_to_user(optval, &peercred, len)) return -EFAULT; goto lenout;