author Dmitry Vyukov <dvyukov@google.com> 2019-07-22 11:59:00 +0200
committer Dmitry Vyukov <dvyukov@google.com> 2019-07-22 11:59:00 +0200
commit f3ad68446455acbe562e0057931e6256b8b991e8 (patch)
tree 417ac927b0899ea1c5b190b0f6574e9ce8415b6a /pkg/csource/generated.go
parent be348f6db38c583b804772f246e68146e52d20f4 (diff)
executor: drop CAP_SYS_NICE
A process with CAP_SYS_NICE can bring kernel down by asking for too high SCHED_DEADLINE priority, as the result rcu and other system services that use kernel threads will stop functioning. Some parameters for SCHED_DEADLINE should be OK, but we don't have means to enforce values of indirect syscall arguments. Peter Zijlstra proposed sysctl_deadline_period_{min,max} which could be used to enforce safe limits without dropping CAP_SYS_NICE, but we don't have it yet. See the following bug for details: https://groups.google.com/forum/#!topic/syzkaller-bugs/G6Wl_PKPIWI
Diffstat (limited to 'pkg/csource/generated.go')
-rw-r--r-- pkg/csource/generated.go 2
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go
index eb863e8e1..58ccf11b0 100644
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@@ -4441,7 +4441,7 @@ static void drop_caps(void)
cap_hdr.pid = getpid();
if (syscall(SYS_capget, &cap_hdr, &cap_data))
fail("capget failed");
- const int drop = (1 << CAP_SYS_PTRACE);
+ const int drop = (1 << CAP_SYS_PTRACE) | (1 << CAP_SYS_NICE);
cap_data[0].effective &= ~drop;
cap_data[0].permitted &= ~drop;
cap_data[0].inheritable &= ~drop;
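Review bot: the changed `const int drop = ...` line in drop_caps() has no comment explaining why CAP_SYS_NICE is in the mask, so the SCHED_DEADLINE rationale lives only in the commit message. A short comment above `drop` naming the SCHED_DEADLINE problem and linking the bug thread would tell the next reader when the bit can be restored, for example once the proposed sysctl_deadline_period_{min,max} limits exist. Separately, the mask is built as an `int` and applied only to `cap_data[0]`, which is correct for CAP_SYS_PTRACE (19) and CAP_SYS_NICE (23), but any capability numbered 32 or higher added to this list later would need `cap_data[1]` and would overflow `1 << n`; a one-line note or a static assertion on the bit range would guard against that. Since this file is pkg/csource/generated.go, also confirm the same edit is present in the executor source it is generated from, which this limited diff does not show.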