diff options
| author | Mike Rapoport <[email protected]> | 2019-11-30 17:58:01 -0800 |
|---|---|---|
| committer | Linus Torvalds <[email protected]> | 2019-12-01 12:59:10 -0800 |
| commit | 3c1c24d91ffd536de0a64688a9df7f49e58fadbc (patch) | |
| tree | 69fdc01c320cfd21b656fb76616c663c33bef80f /tools/perf/scripts/python/exported-sql-viewer.py | |
| parent | 9d4678eb170c4c632174d1fec8ecee31c2f314f9 (diff) | |
userfaultfd: require CAP_SYS_PTRACE for UFFD_FEATURE_EVENT_FORK
A while ago Andy noticed
(http://lkml.kernel.org/r/CALCETrWY+5ynDct7eU_nDUqx=okQvjm=Y5wJvA4ahBja=CQXGw@mail.gmail.com)
that UFFD_FEATURE_EVENT_FORK used by an unprivileged user may have
security implications.
As the first step of the solution the following patch limits the availably
of UFFD_FEATURE_EVENT_FORK only for those having CAP_SYS_PTRACE.
The usage of CAP_SYS_PTRACE ensures compatibility with CRIU.
Yet, if there are other users of non-cooperative userfaultfd that run
without CAP_SYS_PTRACE, they would be broken :(
Current implementation of UFFD_FEATURE_EVENT_FORK modifies the file
descriptor table from the read() implementation of uffd, which may have
security implications for unprivileged use of the userfaultfd.
Limit availability of UFFD_FEATURE_EVENT_FORK only for callers that have
CAP_SYS_PTRACE.
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Mike Rapoport <[email protected]>
Reviewed-by: Andrea Arcangeli <[email protected]>
Cc: Daniel Colascione <[email protected]>
Cc: Jann Horn <[email protected]>
Cc: Lokesh Gidra <[email protected]>
Cc: Nick Kralevich <[email protected]>
Cc: Nosh Minwalla <[email protected]>
Cc: Pavel Emelyanov <[email protected]>
Cc: Tim Murray <[email protected]>
Cc: Aleksa Sarai <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/exported-sql-viewer.py')
0 files changed, 0 insertions, 0 deletions