Merge tag 'kernel.sys.v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux

Pull set_user() update from Christian Brauner: "This contains a single fix to set_user() which aligns permission checks with the corresponding fork() codepath. No one involved in this could come up with a reason for the difference. A capable caller can already circumvent the check when they fork where the permission checks are already for the relevant capabilities in addition to also allowing to exceed nproc when it is the init user. So apply the same logic to set_user()" * tag 'kernel.sys.v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux: set_user: add capability check when rlimit(RLIMIT_NPROC) exceeds

Merge tag 'kernel.sys.v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux
Pull set_user() update from Christian Brauner: "This contains a single fix to set_user() which aligns permission checks with the corresponding fork() codepath. No one involved in this could come up with a reason for the difference. A capable caller can already circumvent the check when they fork where the permission checks are already for the relevant capabilities in addition to also allowing to exceed nproc when it is the init user. So apply the same logic to set_user()" * tag 'kernel.sys.v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux: set_user: add capability check when rlimit(RLIMIT_NPROC) exceeds
e55f0c43 · Linus Torvalds · 67b03f93 · 2863643f · e55f0c43
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

kernel/sys.c kernel/sys.c +2 -1

未找到文件。
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -480,7 +480,8 @@ static int set_user(struct cred *new)
 	 * failure to the execve() stage.
 	 */
 	if (is_ucounts_overlimit(new->ucounts, UCOUNT_RLIMIT_NPROC, rlimit(RLIMIT_NPROC)) &&
-			new_user != INIT_USER)
+			new_user != INIT_USER &&
+			!capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN))
 		current->flags |= PF_NPROC_EXCEEDED;
 	else
 		current->flags &= ~PF_NPROC_EXCEEDED;