iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6396026045
linux/kernel/bpf
History
Kees Cook 6396026045 bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok() 
When evaluating access control over kallsyms visibility, credentials at
open() time need to be used, not the "current" creds (though in BPF's
case, this has likely always been the same). Plumb access to associated
file->f_cred down through bpf_dump_raw_ok() and its callers now that
kallsysm_show_value() has been refactored to take struct cred.

Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: bpf@vger.kernel.org
Cc: stable@vger.kernel.org
Fixes: 7105e828c0 ("bpf: allow for correlation of maps and helpers in dump")
Signed-off-by: Kees Cook <keescook@chromium.org>
2020-07-08 16:01:21 -07:00
..
arraymap.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-15 13:48:59 -07:00
bpf_iter.c bpf: Enable bpf_iter targets registering ctx argument types 2020-05-13 12:30:50 -07:00
bpf_lru_list.c
bpf_lru_list.h bpf: Fix a typo "inacitve" -> "inactive" 2020-04-06 21:54:10 +02:00
bpf_lsm.c bpf: Use tracing helpers for lsm programs 2020-06-01 15:08:04 -07:00
bpf_struct_ops_types.h bpf: tcp: Support tcp_congestion_ops in bpf 2020-01-09 08:46:18 -08:00
bpf_struct_ops.c bpf: Implement CAP_BPF 2020-05-15 17:29:41 +02:00
btf.c bpf: Enable bpf_iter targets registering ctx argument types 2020-05-13 12:30:50 -07:00
cgroup.c bpf: cgroup: Allow multi-attach program to replace itself 2020-06-09 11:21:43 -07:00
core.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-06-03 16:27:18 -07:00
cpumap.c xdp: Rename convert_to_xdp_frame in xdp_convert_buff_to_frame 2020-06-01 15:02:53 -07:00
devmap.c bpf: Devmap adjust uapi for attach bpf program 2020-06-09 11:36:18 -07:00
disasm.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295 2019-06-05 17:36:38 +02:00
disasm.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295 2019-06-05 17:36:38 +02:00
dispatcher.c bpf: Remove bpf_image tree 2020-03-13 12:49:52 -07:00
hashtab.c bpf: Implement CAP_BPF 2020-05-15 17:29:41 +02:00
helpers.c bpf: Implement BPF ring buffer and verifier support for it 2020-06-01 14:38:22 -07:00
inode.c bpf: Create file bpf iterator 2020-05-09 17:05:26 -07:00
local_storage.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-12-22 09:54:33 -08:00
lpm_trie.c bpf: Implement CAP_BPF 2020-05-15 17:29:41 +02:00
Makefile flow_dissector: Move out netns_bpf prog callbacks 2020-06-01 15:21:02 -07:00
map_in_map.c bpf: Implement CAP_BPF 2020-05-15 17:29:41 +02:00
map_in_map.h
map_iter.c bpf: Enable bpf_iter targets registering ctx argument types 2020-05-13 12:30:50 -07:00
net_namespace.c bpf: Add link-based BPF program attachment to network namespace 2020-06-01 15:21:03 -07:00
offload.c bpf, offload: Replace bitwise AND by logical AND in bpf_prog_offload_info_fill 2020-02-17 16:53:49 +01:00
percpu_freelist.c bpf: Dont iterate over possible CPUs with interrupts disabled 2020-02-24 16:18:20 -08:00
percpu_freelist.h
queue_stack_maps.c bpf: Implement CAP_BPF 2020-05-15 17:29:41 +02:00
reuseport_array.c bpf: Implement CAP_BPF 2020-05-15 17:29:41 +02:00
ringbuf.c bpf: Implement BPF ring buffer and verifier support for it 2020-06-01 14:38:22 -07:00
stackmap.c mmap locking API: add mmap_read_trylock_non_owner() 2020-06-09 09:39:14 -07:00
syscall.c bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok() 2020-07-08 16:01:21 -07:00
sysfs_btf.c bpf: Support llvm-objcopy for vmlinux BTF 2020-03-19 12:32:38 +01:00
task_iter.c bpf: Fix bpf_iter's task iterator logic 2020-05-14 18:37:32 -07:00
tnum.c bpf: Verifier, do explicit ALU32 bounds tracking 2020-03-30 14:59:53 -07:00
trampoline.c bpf: lsm: Implement attach, detach and execution 2020-03-30 01:34:00 +02:00
verifier.c bpf: Fix an error code in check_btf_func() 2020-06-04 23:38:54 +02:00