diff options
author | Kees Cook <keescook@chromium.org> | 2020-07-03 00:45:23 +0200 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2020-07-09 01:01:21 +0200 |
commit | 63960260457a02af2a6cb35d75e6bdb17299c882 (patch) | |
tree | f228a9c11508b12047dba30ae47457d4043955ea /include | |
parent | kprobes: Do not expose probe addresses to non-CAP_SYSLOG (diff) | |
download | linux-63960260457a02af2a6cb35d75e6bdb17299c882.tar.xz linux-63960260457a02af2a6cb35d75e6bdb17299c882.zip |
bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok()
When evaluating access control over kallsyms visibility, credentials at
open() time need to be used, not the "current" creds (though in BPF's
case, this has likely always been the same). Plumb access to associated
file->f_cred down through bpf_dump_raw_ok() and its callers now that
kallsysm_show_value() has been refactored to take struct cred.
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: bpf@vger.kernel.org
Cc: stable@vger.kernel.org
Fixes: 7105e828c087 ("bpf: allow for correlation of maps and helpers in dump")
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/filter.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/linux/filter.h b/include/linux/filter.h index 55104f6c78e8..0b0144752d78 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h @@ -884,12 +884,12 @@ void bpf_jit_compile(struct bpf_prog *prog); bool bpf_jit_needs_zext(void); bool bpf_helper_changes_pkt_data(void *func); -static inline bool bpf_dump_raw_ok(void) +static inline bool bpf_dump_raw_ok(const struct cred *cred) { /* Reconstruction of call-sites is dependent on kallsyms, * thus make dump the same restriction. */ - return kallsyms_show_value(current_cred()); + return kallsyms_show_value(cred); } struct bpf_prog *bpf_patch_insn_single(struct bpf_prog *prog, u32 off, |