diff options
| author |   Kees Cook <keescook@chromium.org> | 2020-07-02 15:45:23 -0700 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2020-07-08 16:01:21 -0700 |
| commit | 63960260457a02af2a6cb35d75e6bdb17299c882 (patch) | |
| tree | f228a9c11508b12047dba30ae47457d4043955ea /net/core | |
| parent | kprobes: Do not expose probe addresses to non-CAP_SYSLOG (diff) | |
| download | linux-dev-63960260457a02af2a6cb35d75e6bdb17299c882.tar.xz linux-dev-63960260457a02af2a6cb35d75e6bdb17299c882.zip | |
bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok()
When evaluating access control over kallsyms visibility, credentials at
open() time need to be used, not the "current" creds (though in BPF's
case, this has likely always been the same). Plumb access to associated
file->f_cred down through bpf_dump_raw_ok() and its callers now that
kallsysm_show_value() has been refactored to take struct cred.
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: bpf@vger.kernel.org
Cc: stable@vger.kernel.org
Fixes: 7105e828c087 ("bpf: allow for correlation of maps and helpers in dump")
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'net/core')
| -rw-r--r-- | net/core/sysctl_net_core.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c index f93f8ace6c56..6ada114bbcca 100644 --- a/net/core/sysctl_net_core.c +++ b/net/core/sysctl_net_core.c @@ -274,7 +274,7 @@ static int proc_dointvec_minmax_bpf_enable(struct ctl_table *table, int write, ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); if (write && !ret) { if (jit_enable < 2 || - (jit_enable == 2 && bpf_dump_raw_ok())) { + (jit_enable == 2 && bpf_dump_raw_ok(current_cred()))) { *(int *)table->data = jit_enable; if (jit_enable == 2) pr_warn("bpf_jit_enable = 2 was set! NEVER use this in production, only for JIT debugging!\n"); |