Patch "net: Check the correct namespace when spoofing pid over SCM_RIGHTS" has been added to the 3.10-stable tree

Mon, 23 Sep 2013 14:23:03 -0700 

This is a note to let you know that I've just added the patch titled

    net: Check the correct namespace when spoofing pid over SCM_RIGHTS

to the 3.10-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-check-the-correct-namespace-when-spoofing-pid-over-scm_rights.patch
and it can be found in the queue-3.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.


>From d661684cf6820331feae71146c35da83d794467e Mon Sep 17 00:00:00 2001
From: Andy Lutomirski <[email protected]>
Date: Thu, 22 Aug 2013 11:39:15 -0700
Subject: net: Check the correct namespace when spoofing pid over SCM_RIGHTS

From: Andy Lutomirski <[email protected]>

commit d661684cf6820331feae71146c35da83d794467e upstream.

This is a security bug.

The follow-up will fix nsproxy to discourage this type of issue from
happening again.

Signed-off-by: Andy Lutomirski <[email protected]>
Reviewed-by: "Eric W. Biederman" <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
 net/core/scm.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -54,7 +54,7 @@ static __inline__ int scm_check_creds(st
                return -EINVAL;
 
        if ((creds->pid == task_tgid_vnr(current) ||
-            ns_capable(current->nsproxy->pid_ns->user_ns, CAP_SYS_ADMIN)) &&
+            ns_capable(task_active_pid_ns(current)->user_ns, CAP_SYS_ADMIN)) &&
            ((uid_eq(uid, cred->uid)   || uid_eq(uid, cred->euid) ||
              uid_eq(uid, cred->suid)) || nsown_capable(CAP_SETUID)) &&
            ((gid_eq(gid, cred->gid)   || gid_eq(gid, cred->egid) ||


Patches currently in stable-queue which might be from [email protected] are

queue-3.10/net-check-the-correct-namespace-when-spoofing-pid-over-scm_rights.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to