lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 14 Feb 2010 18:15:49 +0100
From:	Frederic Weisbecker <fweisbec@...il.com>
To:	Michael Stefaniuc <mstefani@...hat.com>
Cc:	prasad@...ux.vnet.ibm.com, Alan Stern <stern@...land.harvard.edu>,
	linux-kernel@...r.kernel.org,
	Maneesh Soni <maneesh@...ux.vnet.ibm.com>,
	Alexandre Julliard <julliard@...ehq.org>,
	"Rafael J. Wysocki" <rjw@...k.pl>,
	Maciej Rutecki <maciej.rutecki@...il.com>
Subject: Re: Regression in ptrace (Wine) starting with 2.6.33-rc1

On Sat, Feb 13, 2010 at 10:29:16PM +0100, Michael Stefaniuc wrote:
> Results 2.6.33-rcX:
> -------------------
> ptrace(PTRACE_ATTACH, 18036, 0, 0)      = 0
> ptrace(PTRACE_POKEUSER, 18036, offsetof(struct user, u_debugreg),  
> 0x42424242) = 0
> ptrace(PTRACE_POKEUSER, 18036, offsetof(struct user, u_debugreg) + 4, 0) = 0
> ptrace(PTRACE_POKEUSER, 18036, offsetof(struct user, u_debugreg) + 8, 0) = 0
> ptrace(PTRACE_POKEUSER, 18036, offsetof(struct user, u_debugreg) + 12,  
> 0) = 0
> ptrace(PTRACE_POKEUSER, 18036, offsetof(struct user, u_debugreg) + 24,  
> 0) = 0
> ptrace(PTRACE_POKEUSER, 18036, offsetof(struct user, u_debugreg) + 28,  
> 0x155) = -1 EINVAL (Invalid argument)
>
> Results 2.6.32:
> ---------------
> trace(PTRACE_ATTACH, 3077, 0, 0)       = 0
> ptrace(PTRACE_POKEUSER, 3077, offsetof(struct user, u_debugreg),  
> 0x42424242) = 0
> ptrace(PTRACE_POKEUSER, 3077, offsetof(struct user, u_debugreg) + 4, 0) = 0
> ptrace(PTRACE_POKEUSER, 3077, offsetof(struct user, u_debugreg) + 8, 0) = 0
> ptrace(PTRACE_POKEUSER, 3077, offsetof(struct user, u_debugreg) + 12, 0) = 0
> ptrace(PTRACE_POKEUSER, 3077, offsetof(struct user, u_debugreg) + 24, 0) = 0
> ptrace(PTRACE_POKEUSER, 3077, offsetof(struct user, u_debugreg) + 28,  
> 0x155) = 0


I see... So this is setting breakpoints on the address 0. The new code
rejects such breakpoints, but the previous one was accepting it.

The point of allowing breakpoints in NULL is discutable. It's not a bug,
neither is it a security hole I think (because if the ptrace breakpoint
triggers from the kernel, it's ignored), it's just pointless, unless
userland map things in 0.

But it's too late to debate this. If the previous code accepted it,
it's an ABI, and we have broken it.

I'm preparing a fix.



> So it looks like something in the setting of DR7 is broken or at least
> changed behavior. The function in Wine that does those calls is
> set_thread_context() from server/ptrace.c .
>
> I'll try to see if I can reproduce the other regression; as it is hidden  
> at the moment by this regression.


Ok.

Thanks.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ