lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 6 Oct 2022 10:48:36 +0000 From: David Laight <David.Laight@...LAB.COM> To: 'Christian Brauner' <brauner@...nel.org>, Kees Cook <keescook@...omium.org> CC: Eric Biederman <ebiederm@...ssion.com>, Jorge Merlino <jorge.merlino@...onical.com>, Alexander Viro <viro@...iv.linux.org.uk>, Thomas Gleixner <tglx@...utronix.de>, Andy Lutomirski <luto@...nel.org>, Sebastian Andrzej Siewior <bigeasy@...utronix.de>, Andrew Morton <akpm@...ux-foundation.org>, "linux-mm@...ck.org" <linux-mm@...ck.org>, "linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>, "John Johansen" <john.johansen@...onical.com>, Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, Stephen Smalley <stephen.smalley.work@...il.com>, Eric Paris <eparis@...isplace.org>, Richard Haines <richard_c_haines@...nternet.com>, Casey Schaufler <casey@...aufler-ca.com>, Xin Long <lucien.xin@...il.com>, "David S. Miller" <davem@...emloft.net>, Todd Kjos <tkjos@...gle.com>, "Ondrej Mosnacek" <omosnace@...hat.com>, Prashanth Prahlad <pprahlad@...hat.com>, Micah Morton <mortonm@...omium.org>, Fenghua Yu <fenghua.yu@...el.com>, Andrei Vagin <avagin@...il.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "apparmor@...ts.ubuntu.com" <apparmor@...ts.ubuntu.com>, "linux-security-module@...r.kernel.org" <linux-security-module@...r.kernel.org>, "selinux@...r.kernel.org" <selinux@...r.kernel.org>, "linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org> Subject: RE: [PATCH 1/2] fs/exec: Explicitly unshare fs_struct on exec From: Christian Brauner > Sent: 06 October 2022 10:05 > > On Thu, Oct 06, 2022 at 01:27:34AM -0700, Kees Cook wrote: > > The check_unsafe_exec() counting of n_fs would not add up under a heavily > > threaded process trying to perform a suid exec, causing the suid portion > > to fail. This counting error appears to be unneeded, but to catch any > > possible conditions, explicitly unshare fs_struct on exec, if it ends up > > Isn't this a potential uapi break? Afaict, before this change a call to > clone{3}(CLONE_FS) followed by an exec in the child would have the > parent and child share fs information. So if the child e.g., changes the > working directory post exec it would also affect the parent. But after > this change here this would no longer be true. So a child changing a > workding directoro would not affect the parent anymore. IOW, an exec is > accompanied by an unshare(CLONE_FS). Might still be worth trying ofc but > it seems like a non-trivial uapi change but there might be few users > that do clone{3}(CLONE_FS) followed by an exec. The thought of that is entirely horrid... I presume a suid exec will fail in that case? If the old code is trying to compare the number of threads with the number of users of the fs table isn't is just buggy? If a thread unshares the fs table there can be another reference somewhere else - which is what (I presume) is being tested for. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
Powered by blists - more mailing lists