lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 23 Jun 2016 13:56:39 -0500
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	"Michael Kerrisk \(man-pages\)" <mtk.manpages@...il.com>
Cc:	Oleg Nesterov <oleg@...hat.com>, Jann Horn <jann@...jh.net>,
	James Morris <jmorris@...ei.org>,
	linux-man <linux-man@...r.kernel.org>,
	Stephen Smalley <sds@...ho.nsa.gov>,
	lkml <linux-kernel@...r.kernel.org>,
	Kees Cook <keescook@...omium.org>,
	linux-security-module <linux-security-module@...r.kernel.org>,
	Linux API <linux-api@...r.kernel.org>
Subject: Re: Documenting ptrace access mode checking

"Michael Kerrisk (man-pages)" <mtk.manpages@...il.com> writes:

> Hi Oleg,
>
> On 06/22/2016 11:51 PM, Oleg Nesterov wrote:
>> On 06/21, Eric W. Biederman wrote:
>>>
>>> Adding Oleg just because he seems to do most of the ptrace related
>>> maintenance these days.
>>
>> so I have to admit that I never even tried to actually understand
>> ptrace_may_access ;)
>>
>>> We certainly need something that gives a high level view so people
>>> reading the man page can know what to expect.   If you get down into the
>>> weeds we run the danger of people beginning to think they can depend
>>> upon bugs in the implementation.
>>
>> Personally I agree. I think "man ptrace" shouldn't not tell too much
>> about kernel internals.
>
> See my other replies on this topic. Somehow, we need a way of
> describing the behavior that user-space sees. I think it's
> inevitable that that means talking about what;s going on
> "under the hood".
>
> Regarding Eric's point that "we run the danger of people beginning
> to think they can depend upon bugs in the implementation": when it
> comes to breaking the ABI, the presence or absence of documentation
> doesn't save us on that point (Linus has a few times made his position
> wrt to documentation clear).

Which are interesting in this respect as a bug in the implementation
that is a security issue can and will be changed, even if userspace
breaks.  Breaking userspace is not desirable but when there is no other
reasonable choice it will happen.

Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ