linux-test-project / ltp

Linux Test Project (mailing list: https://lists.linux.it/listinfo/ltp)
https://linux-test-project.readthedocs.io/
GNU General Public License v2.0

namei: allow restricted O_CREAT of FIFOs and regular files #574

Open metan-ucw opened 5 years ago

metan-ucw commented 5 years ago

Write test for:

commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5
Author: Salvatore Mesoraca <s.mesoraca16@gmail.com>
Date:   Thu Aug 23 17:00:35 2018 -0700

namei: allow restricted O_CREAT of FIFOs and regular files

Disallows open of FIFOs or regular files not owned by the user in world
writable sticky directories, unless the owner is the same as that of the
directory or the file is opened without the O_CREAT flag.  The purpose
is to make data spoofing attacks harder.  This protection can be turned
on and off separately for FIFOs and regular files via sysctl, just like
the symlinks/hardlinks protection.  This patch is based on Openwall's
"HARDEN_FIFO" feature by Solar Designer.

This is a brief list of old vulnerabilities that could have been prevented
by this feature, some of them even allow for privilege escalation:

CVE-2000-1134
CVE-2007-3852
CVE-2008-0525
CVE-2009-0416
CVE-2011-4834
CVE-2015-1838
CVE-2015-7442
CVE-2016-7489

coolgw commented 11 months ago

https://patchwork.ozlabs.org/project/ltp/patch/20231009112047.2359-1-wegao@suse.com/

coolgw commented 3 months ago

Need update patch, will work on it.

pevik commented 3 months ago

v3 from Wei: https://patchwork.ozlabs.org/project/ltp/patch/20240603125514.683-1-wegao@suse.com/