[CRIU] PR_SET_MM_MAP and capability check
Takashi Iwai
tiwai at suse.de
Thu Jun 16 07:08:04 PDT 2016
Hi,
while dealing with a security issue CVE-2016-1583, I noticed that
PR_SET_MM_MAP is executed before the capability check in
kernel/sys.c. This is one of the things the crasher code in that bug
is abusing. Now I wonder whether it's safer to move it after the
capability check like other PR_SET_MM_* calls.
My understanding is that it's done for allowing a non-root user to C/R.
But, currently C/R by a non-root user doesn't work properly anyway
(most of NS and other tweaks need CAP_SYS_RESOURCES or CAP_SYS_ADMIN),
and leaving this might be seen as a weak point.
thanks,
Takashi