From ffead1cbcaa1db5db525403043e27d618af8752b Mon Sep 17 00:00:00 2001
From: Sergey Bugaev
Date: Sat, 29 May 2021 17:56:38 +0300
Subject: libshouldbeinlibc: Do not reauthenticate proc port when secure

exec_reauth () is supposed to reauthenticate the given ports and file descriptors with a new authentication. If the secure flag is set, this reauthentication is happening for a future exec with the EXEC_SECURE flag. Now that the exec server uses proc_reauthenticate_reassign (), the process reauthentication is done atomically with task reassignment by the exec server. So stop doing it inside exec_reauth (). This fixes a vulnerability where a process was able to use its reauthenticated proc port before it got exec'ed over.
---
 libshouldbeinlibc/exec-reauth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'libshouldbeinlibc/exec-reauth.c')

diff --git a/libshouldbeinlibc/exec-reauth.c b/libshouldbeinlibc/exec-reauth.c
index 263b1408..cd217e02 100644
--- a/libshouldbeinlibc/exec-reauth.c
+++ b/libshouldbeinlibc/exec-reauth.c
@@ -93,7 +93,7 @@ exec_reauth (auth_t auth, int secure, int must_reauth,
       else
         err = reauth (&ports[INIT_PORT_CRDIR], 0);
     }
-  if (!err)
+  if (!err && !secure)
     err = reauth (&ports[INIT_PORT_PROC], 1);
   if (!err)
     err = reauth (&ports[INIT_PORT_CWDIR], 0);
-- 
cgit v1.2.3
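Review bot: The new condition `if (!err && !secure)` carries a security invariant that is explained only in the commit message, so the code itself gives a future reader no reason not to "restore" the proc-port reauthentication in the secure path. A comment above the condition would pin it down, e.g. `/* Secure exec: the exec server reauthenticates the proc port itself, atomically with task reassignment (proc_reauthenticate_reassign), so the process can never hold a reauthenticated proc port before it is exec'd over.  Do not reauth it here. */`. It is also worth stating in exec_reauth's header comment that the secure case now relies on the exec server performing that step, since the caller's security depends on the two sides agreeing; the hunk does not show whether the function's documentation already says so. exec_reauth's body begins before this hunk and continues after it.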