summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2020-07-03 00:45:23 +0200
committerKees Cook <keescook@chromium.org>2020-07-09 01:01:21 +0200
commit63960260457a02af2a6cb35d75e6bdb17299c882 (patch)
treef228a9c11508b12047dba30ae47457d4043955ea /include
parentkprobes: Do not expose probe addresses to non-CAP_SYSLOG (diff)
downloadlinux-63960260457a02af2a6cb35d75e6bdb17299c882.tar.xz
linux-63960260457a02af2a6cb35d75e6bdb17299c882.zip
bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok()
When evaluating access control over kallsyms visibility, credentials at open() time need to be used, not the "current" creds (though in BPF's case, this has likely always been the same). Plumb access to associated file->f_cred down through bpf_dump_raw_ok() and its callers now that kallsysm_show_value() has been refactored to take struct cred. Cc: Alexei Starovoitov <ast@kernel.org> Cc: Daniel Borkmann <daniel@iogearbox.net> Cc: bpf@vger.kernel.org Cc: stable@vger.kernel.org Fixes: 7105e828c087 ("bpf: allow for correlation of maps and helpers in dump") Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'include')
-rw-r--r--include/linux/filter.h4
1 files changed, 2 insertions, 2 deletions
diff --git a/include/linux/filter.h b/include/linux/filter.h
index 55104f6c78e8..0b0144752d78 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -884,12 +884,12 @@ void bpf_jit_compile(struct bpf_prog *prog);
bool bpf_jit_needs_zext(void);
bool bpf_helper_changes_pkt_data(void *func);
-static inline bool bpf_dump_raw_ok(void)
+static inline bool bpf_dump_raw_ok(const struct cred *cred)
{
/* Reconstruction of call-sites is dependent on kallsyms,
* thus make dump the same restriction.
*/
- return kallsyms_show_value(current_cred());
+ return kallsyms_show_value(cred);
}
struct bpf_prog *bpf_patch_insn_single(struct bpf_prog *prog, u32 off,