| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Dec 2013 22:22:25 -0800 From: John Johansen <john.johansen@...onical.com> To: Richard Guy Briggs <rgb@...hat.com>, Oleg Nesterov <oleg@...hat.com> CC: Andrew Morton <akpm@...ux-foundation.org>, "Eric W. Biederman" <ebiederm@...ssion.com>, Peter Zijlstra <peterz@...radead.org>, Eric Paris <eparis@...hat.com>, linux-kernel@...r.kernel.org Subject: Re: [PATCH] apparmor: remove the "task" arg from may_change_ptraced_domain() On 12/19/2013 08:36 PM, Richard Guy Briggs wrote: > On 13/12/18, Oleg Nesterov wrote: >> On 12/18, Richard Guy Briggs wrote: >>> >>> Bcc: rgb@...hat.com >>> Subject: Re: [PATCH] apparmor: remove the "task" arg from >>> may_change_ptraced_domain() >>> Reply-To: >>> In-Reply-To: <20130926132519.GY13968@...cap2.tricolour.ca> >> >> The subject is empty ;) I changed it to match the above. > > HTH?!? Thanks for adding it. (more below...) > >>> On 13/09/26, Richard Guy Briggs wrote: >>>> On Tue, Sep 24, 2013 at 06:44:42PM +0200, Oleg Nesterov wrote: >>>>> On 09/23, Richard Guy Briggs wrote: >>>>>> >>>>>> On Mon, Sep 16, 2013 at 04:20:35PM +0200, Oleg Nesterov wrote: >>>>>>> Unless task == current ptrace_parent(task) is not safe even under >>>>>>> rcu_read_lock() and most of the current users are not right. >>>>>> >>>>>> Could you point to an explanation of this? >>>>> >>>>> If this task exits before rcu_read_lock() ->parent can point to the >>>>> already freed/reused memory. >>>> >>>> Ok, understood. So even though the task may have exited, the task >>>> struct pointer is still valid, but not the contents of the task struct >>>> to which it points. >>> >>> [The thread also relates to the patch >>> "pid: get ppid pid_t of task in init_pid_ns safely" >>> in which sys_getppid() (which appears safe) is replaced with something that >>> references the init_pid_ns rather than current's pid_ns.] >>> >>> So, in the general case, that call is not safe, and we should at least >>> remove the task_struct argument. >> >> I changed my mind, please see the recent discussion with Paul: >> >> http://marc.info/?t=138626281900001 >> >> instead we should document why ptrace_parent() is safe without pid_alive(). > > Interesting. I wasn't aware of pid_alive(), but that would certainly > help. > >> I hope that the change in apparmor was fine anyway. > > Yes, I'm fine with apparmor change, if it was deemed that the ppid > wasn't needed. If it is, then it should use this new task_ppid_nr(). it wasn't needed, changes where made years ago to allow us to get rid of using the parent pid. Its was left in for a transition period and just had never been removed. > Better yet I think to generalize it to anticipate auditd in containers. > yep, that is the way to go -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists