lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 21 Jan 2012 01:23:11 +0000
From:	Jamie Lokier <jamie@...reable.org>
To:	Roland McGrath <mcgrathr@...gle.com>
Cc:	Denys Vlasenko <vda.linux@...glemail.com>,
	Indan Zupancic <indan@....nu>,
	"H. Peter Anvin" <hpa@...or.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Andi Kleen <andi@...stfloor.org>,
	Andrew Lutomirski <luto@....edu>,
	Oleg Nesterov <oleg@...hat.com>,
	Will Drewry <wad@...omium.org>, linux-kernel@...r.kernel.org,
	keescook@...omium.org, john.johansen@...onical.com,
	serge.hallyn@...onical.com, coreyb@...ux.vnet.ibm.com,
	pmoore@...hat.com, eparis@...hat.com, djm@...drot.org,
	segoon@...nwall.com, rostedt@...dmis.org, jmorris@...ei.org,
	scarybeasts@...il.com, avi@...hat.com, penberg@...helsinki.fi,
	viro@...iv.linux.org.uk, mingo@...e.hu, akpm@...ux-foundation.org,
	khilman@...com, borislav.petkov@....com, amwang@...hat.com,
	ak@...ux.intel.com, eric.dumazet@...il.com, gregkh@...e.de,
	dhowells@...hat.com, daniel.lezcano@...e.fr,
	linux-fsdevel@...r.kernel.org,
	linux-security-module@...r.kernel.org, olofj@...omium.org,
	mhalcrow@...gle.com, dlaor@...hat.com
Subject: Re: Compat 32-bit syscall entry from 64-bit task!?

Roland McGrath wrote:
> On Fri, Jan 20, 2012 at 4:07 PM, Denys Vlasenko
> <vda.linux@...glemail.com> wrote:
> >> Maybe a bit telling whether it is syscall entry or exit?
> >
> > Yes, this one too. This is one of longstanding annoyances
> > that this information is not exposed.
> 
> That is not really "state", it's just which event you want.
> That is much better addressed by replacing PTRACE_SYSCALL
> with PTRACE_O_TRACE_SYSCALL_{ENTRY,EXIT} and PTRACE_EVENT_SYSCALL_{ENTRY,EXIT}.
> Oleg can whip that up for you no problem.

I agree, that is so obviously the right thing to do and it's very easy
to do in the tracehook functions.

There is one slight problem that some archs don't use
tracehook yet. Probably that should be fixed anyway.

(Fwiw, two other issues with arch-independent ptrace have come up in this
thread, which ought to be fairly easy to fix:
   - If tracer dies, tracee is free to continue running.  For security
     tracers, and would be useful for strace as well, it would be good
     to have an option to SIGKILL the tracee if tracer dies.
   - Can't abort or change an unwanted syscall if the process receives
     SIGKILL as it's about to start a syscall (which will be its last).)

-- Jamie
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ