From f3ad68446455acbe562e0057931e6256b8b991e8 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Mon, 22 Jul 2019 11:59:00 +0200
Subject: executor: drop CAP_SYS_NICE

A process with CAP_SYS_NICE can bring kernel down by asking for too high SCHED_DEADLINE priority,
as the result rcu and other system services that use kernel threads will stop functioning.
Some parameters for SCHED_DEADLINE should be OK, but we don't have means to enforce
values of indirect syscall arguments. Peter Zijlstra proposed sysctl_deadline_period_{min,max}
which could be used to enfore safe limits without droppping CAP_SYS_NICE, but we don't have it yet.
See the following bug for details:
https://groups.google.com/forum/#!topic/syzkaller-bugs/G6Wl_PKPIWI
---
 pkg/csource/generated.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'pkg/csource/generated.go')

diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go
index eb863e8e1..58ccf11b0 100644
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@@ -4441,7 +4441,7 @@ static void drop_caps(void)
 	cap_hdr.pid = getpid();
 	if (syscall(SYS_capget, &cap_hdr, &cap_data))
 		fail("capget failed");
-	const int drop = (1 << CAP_SYS_PTRACE);
+	const int drop = (1 << CAP_SYS_PTRACE) | (1 << CAP_SYS_NICE);
 	cap_data[0].effective &= ~drop;
 	cap_data[0].permitted &= ~drop;
 	cap_data[0].inheritable &= ~drop;
-- 
cgit mrf-deployment