lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87wsypakdr.wl%takeuchi_satoru@jp.fujitsu.com>
Date:	Thu, 31 May 2007 09:48:16 +0900
From:	Satoru Takeuchi <takeuchi_satoru@...fujitsu.com>
To:	Oleg Nesterov <oleg@...sign.ru>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Satoru Takeuchi <takeuchi_satoru@...fujitsu.com>,
	Roland McGrath <roland@...hat.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] tty: fix leakage of -ERESTARTSYS to userland

At Wed, 30 May 2007 23:18:49 +0400,
Oleg Nesterov wrote:
> 
> On 05/30, Andrew Morton wrote:
> > On Tue, 29 May 2007 22:44:35 +0400
> > Oleg Nesterov <oleg@...sign.ru> wrote:
> > 
> > > --- t/drivers/char/n_tty.c~	2007-04-05 12:18:26.000000000 +0400
> > > +++ t/drivers/char/n_tty.c	2007-05-28 10:57:58.000000000 +0400
> > > @@ -1191,6 +1191,7 @@ static int job_control(struct tty_struct
> > >  			    is_current_pgrp_orphaned())
> > >  				return -EIO;
> > >  			kill_pgrp(task_pgrp(current), SIGTTIN, 1);
> > > +			set_thread_flag(TIF_SIGPENDING);
> > >  			return -ERESTARTSYS;
> > >  		}
> > >  	}
> > 
> > Are there other callers of kill_pgrp() which have the same problem?
> 
> Hopefully no.
> 
> > Perhaps we should have a kill_pgrp_self() which takes care of doing
> > this, rather than open-coding it.  Something with a comment which
> > explains what's going on ;)
> 
> This set_thread_flag(TIF_SIGPENDING) is "connected" to "return -ERESTARTSYS",
> not to kill_pgrp(), imho the new helper is not so suitable.
> 
> Perhaps it makes sense to add the comment into include/linux/errno.h, to
> explain that -ERESTART... codes are only valid when signal_pending() == true.

Like this?

Satoru

---
Add comment for errnos related to restart syscall to avoid the leakage of
kernel only errnos.

Signed-off-by: Satoru Takeuchi <takeuchi_satoru@...fujitsu.com>
Cc: Oleg Nesterov <oleg@...sign.ru>

Index: linux-2.6.22-rc3/include/linux/errno.h
===================================================================
--- linux-2.6.22-rc3.orig/include/linux/errno.h	2007-04-26 12:08:32.000000000 +0900
+++ linux-2.6.22-rc3/include/linux/errno.h	2007-05-31 09:44:27.000000000 +0900
@@ -5,7 +5,11 @@
 
 #ifdef __KERNEL__
 
-/* Should never be seen by user programs */
+/*
+ * Should never be seen by user programs. Please note that returing
+ * `ERESTART*' errnos when `!signal_pending()' incurs the leakage of these
+ * errnos to user space.
+ */
 #define ERESTARTSYS	512
 #define ERESTARTNOINTR	513
 #define ERESTARTNOHAND	514	/* restart if no handler.. */
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ