| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 15 Mar 2015 20:05:21 +0300 From: Cyrill Gorcunov <gorcunov@...il.com> To: Davidlohr Bueso <dave@...olabs.net> Cc: Oleg Nesterov <oleg@...hat.com>, akpm@...ux-foundation.org, viro@...iv.linux.org.uk, koct9i@...il.com, linux-mm@...ck.org, linux-kernel@...r.kernel.org, Kees Cook <keescook@...omium.org> Subject: Re: [PATCH -next v2 0/4] mm: replace mmap_sem for mm->exe_file serialization On Sun, Mar 15, 2015 at 08:42:05AM -0700, Davidlohr Bueso wrote: > > > > Yes, this code needs cleanups, I agree. Does this series makes it better? > > > > To me it doesn't, and the diffstat below shows that it blows the code. > > > > > > Looking at some of the caller paths now, I have to disagree. > > > > And I believe you are wrong. But let me repeat, I leave this to Cyrill > > and Konstantin. Cleanups are always subjective. > > > > > > In fact, to me it complicates this code. For example. Personally I think > > > > that MMF_EXE_FILE_CHANGED should die. And currently we can just remove it. > > > > > > How could you remove this? > > > > Just remove this flag and the test_and_set_bit(MMF_EXE_FILE_CHANGED) check. > > Again, this is subjective, but to me it looks ugly. Why do we allow to > > change ->exe_file but only once? This came from very first versions of the functionality implemented in prctl. It supposed to help sysadmins to notice if there exe transition happened. As to me it doesn't bring much security, if I would be a virus I would simply replace executing code with ptrace or via other ways without telling outside world that i've changed exe path. That said I would happily rip off this MMF_EXE_FILE_CHANGED bit but I fear security guys won't be that happy about it. (CC'ing Kees) As to series as a "cleanup" in general -- we need to measure that at least it doesn't bring perf downgrade at least. > Ok I think I am finally seeing where you are going. And I like it *a > lot* because it allows us to basically replace mmap_sem with rcu > (MMF_EXE_FILE_CHANGED being the only user that requires a lock!!), but > am afraid it might not be possible. I mean currently we have no rule wrt > to users that don't deal with prctl. > > Forbidding multiple exe_file changes to be generic would certainly > change address space semantics, probably for the better (tighter around > security), but changed nonetheless so users would have a right to > complain, no? So if we can get away with removing MMF_EXE_FILE_CHANGED > I'm all for it. Andrew? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists