git.kernel.dk Git - linux-2.6-block.git/commit

author	Kees Cook <keescook@chromium.org>
	Thu, 2 Jul 2020 22:45:23 +0000 (15:45 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 16 Jul 2020 06:13:30 +0000 (08:13 +0200)
commit	3a2cfe930439ee41b9f4d77453c00592a54f9e1a
tree	0db9cdac95110aa2b9db408a358124b0b0bc6776	tree
parent	53e789aef0cd80c52d9b6a3ae940fd569d4318d4	commit \| diff

bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok()

commit 63960260457a02af2a6cb35d75e6bdb17299c882 upstream.

When evaluating access control over kallsyms visibility, credentials at
open() time need to be used, not the "current" creds (though in BPF's
case, this has likely always been the same). Plumb access to associated
file->f_cred down through bpf_dump_raw_ok() and its callers now that
kallsysm_show_value() has been refactored to take struct cred.

Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: bpf@vger.kernel.org
Cc: stable@vger.kernel.org
Fixes: 7105e828c087 ("bpf: allow for correlation of maps and helpers in dump")
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

include/linux/filter.h		diff \| blob \| blame \| history
kernel/bpf/syscall.c		diff \| blob \| blame \| history
net/core/sysctl_net_core.c		diff \| blob \| blame \| history