| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 9 Nov 2016 10:02:38 +0300
From: Cyrill Gorcunov <gorcunov@...il.com>
To: Josh Triplett <josh@...htriplett.org>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Kees Cook <keescook@...omium.org>,
Johannes Weiner <hannes@...xchg.org>,
Arnd Bergmann <arnd@...db.de>, Ingo Molnar <mingo@...nel.org>,
Andy Lutomirski <luto@...nel.org>,
Petr Mladek <pmladek@...e.com>,
Thomas Garnier <thgarnie@...gle.com>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
Nicolas Pitre <nicolas.pitre@...aro.org>,
Zefan Li <lizefan@...wei.com>,
Li Bin <huawei.libin@...wei.com>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
Ralf Baechle <ralf@...ux-mips.org>,
Alex Thorlton <athorlton@....com>,
Michal Hocko <mhocko@...e.com>,
Mateusz Guzik <mguzik@...hat.com>,
John Stultz <john.stultz@...aro.org>,
Al Viro <viro@...iv.linux.org.uk>, Zach Brown <zab@...hat.com>,
Anna Schumaker <Anna.Schumaker@...app.com>,
Dave Hansen <dave.hansen@...el.com>,
linux-kernel@...r.kernel.org, linux-api@...r.kernel.org
Subject: Re: [PATCH 1/2] kernel: Move prctl and helpers from kernel/sys.c to
new kernel/prctl.c
On Tue, Nov 08, 2016 at 04:18:13PM -0800, Josh Triplett wrote:
> This prepares for making prctl optional.
>
> Signed-off-by: Josh Triplett <josh@...htriplett.org>
> +
...
> +static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd)
> +{
> + struct fd exe;
> + struct file *old_exe, *exe_file;
> + struct inode *inode;
> + int err;
> +
> + exe = fdget(fd);
> + if (!exe.file)
> + return -EBADF;
> +
> + inode = file_inode(exe.file);
> +
> + /*
> + * Because the original mm->exe_file points to executable file, make
> + * sure that this one is executable as well, to avoid breaking an
> + * overall picture.
> + */
> + err = -EACCES;
> + if (!S_ISREG(inode->i_mode) || path_noexec(&exe.file->f_path))
> + goto exit;
> +
> + err = inode_permission(inode, MAY_EXEC);
> + if (err)
> + goto exit;
> +
> + /*
> + * Forbid mm->exe_file change if old file still mapped.
> + */
> + exe_file = get_mm_exe_file(mm);
> + err = -EBUSY;
> + if (exe_file) {
> + struct vm_area_struct *vma;
> +
> + down_read(&mm->mmap_sem);
> + for (vma = mm->mmap; vma; vma = vma->vm_next) {
> + if (!vma->vm_file)
> + continue;
> + if (path_equal(&vma->vm_file->f_path,
> + &exe_file->f_path))
> + goto exit_err;
> + }
> +
> + up_read(&mm->mmap_sem);
> + fput(exe_file);
> + }
> +
> + /*
> + * The symlink can be changed only once, just to disallow arbitrary
> + * transitions malicious software might bring in. This means one
> + * could make a snapshot over all processes running and monitor
> + * /proc/pid/exe changes to notice unusual activity if needed.
> + */
> + err = -EPERM;
> + if (test_and_set_bit(MMF_EXE_FILE_CHANGED, &mm->flags))
> + goto exit;
IIRC this snippet has been dropped in linux-next tree. Stas CC'ed.
The rest looks cool for me. Thanks!
Reviewed-by: Cyrill Gorcunov <gorcunov@...nvz.org>
Powered by blists - more mailing lists