• Hugh Dickins's avatar
    fix setuid sometimes doesn't · e426b64c
    Hugh Dickins authored
    Joe Malicki reports that setuid sometimes doesn't: very rarely,
    a setuid root program does not get root euid; and, by the way,
    they have a health check running lsof every few minutes.
    
    Right, check_unsafe_exec() notes whether the files_struct is being
    shared by more threads than will get killed by the exec, and if so
    sets LSM_UNSAFE_SHARE to make bprm_set_creds() careful about euid.
    But /proc/<pid>/fd and /proc/<pid>/fdinfo lookups make transient
    use of get_files_struct(), which also raises that sharing count.
    
    There's a rather simple fix for this: exec's check on files->count
    has been redundant ever since 2.6.1 made it unshare_files() (except
    while compat_do_execve() omitted to do so) - just remove that check.
    
    [Note to -stable: this patch will not apply before 2.6.29: earlier
    releases should just remove the files->count line from unsafe_exec().]
    Reported-by: default avatarJoe Malicki <jmalicki@metacarta.com>
    Narrowed-down-by: default avatarMichael Itz <mitz@metacarta.com>
    Tested-by: default avatarJoe Malicki <jmalicki@metacarta.com>
    Signed-off-by: default avatarHugh Dickins <hugh@veritas.com>
    Cc: stable@kernel.org
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    e426b64c
internal.h 1.49 KB