| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Jul 2016 13:30:25 +0200 From: Stanislav Kinsburskiy <skinsbursky@...tuozzo.com> To: One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>, "Eric W. Biederman" <ebiederm@...ssion.com> CC: Cyrill Gorcunov <gorcunov@...il.com>, <peterz@...radead.org>, <mingo@...hat.com>, <mhocko@...e.com>, <keescook@...omium.org>, <linux-kernel@...r.kernel.org>, <mguzik@...hat.com>, <bsegall@...gle.com>, <john.stultz@...aro.org>, <oleg@...hat.com>, <matthltc@...ibm.com>, <akpm@...ux-foundation.org>, <luto@...capital.net>, <vbabka@...e.cz>, <xemul@...tuozzo.com> Subject: Re: [PATCH] prctl: remove one-shot limitation for changing exe link 18.07.2016 22:11, One Thousand Gnomes пишет: >>>> 1) Attach to process via ptrace (protected by CAP_SYS_PTRACE) >>>> 2) Unmap all the process file mappings, related to "exe" file. >>>> 3) Change exe link (protected by CAP_SYS_RESOURCE). >>>> >>>> IOW, some other process already has an access to process internals (and thus >>>> it's already compromised), and can inject fork and use the child of the >>>> compromised program to masquerade. >>>> Which means this limitation doesn't solve the problem it was aimed to. > IFF it is the same uid or root (in which case you already lost). In the > case of cross uid activity this is not true. Could you elaborate on it, please? > Alan
Powered by blists - more mailing lists