| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Oct 2009 16:38:50 -0700 From: Sukadev Bhattiprolu <sukadev@...ux.vnet.ibm.com> To: Oren Laadan <orenl@...rato.com> Cc: linux-kernel@...r.kernel.org, randy.dunlap@...cle.com, arnd@...db.de, Containers <containers@...ts.linux-foundation.org>, Nathan Lynch <nathanl@...tin.ibm.com>, Louis.Rilling@...labs.com, "Eric W. Biederman" <ebiederm@...ssion.com>, kosaki.motohiro@...fujitsu.com, hpa@...or.com, mingo@...e.hu, linux-api@...r.kernel.org, torvalds@...ux-foundation.org, Alexey Dobriyan <adobriyan@...il.com>, roland@...hat.com, Pavel Emelyanov <xemul@...nvz.org> Subject: Re: [RFC][v8][PATCH 7/10]: Check invalid clone flags Oren Laadan [orenl@...rato.com] wrote: | | | Sukadev Bhattiprolu wrote: | > | > Subject: [RFC][v8][PATCH 7/10]: Check invalid clone flags | > | > As pointed out by Oren Laadan, we want to ensure that unused bits in the | > clone-flags remain unused and available for future. To ensure this, define | > a mask of clone-flags and check the flags in the clone() system calls. | > | > Changelog[v8]: | > - New patch in set | > | > Signed-off-by: Sukadev Bhattiprolu <sukadev@...ux.vnet.ibm.com> | > | > --- | > include/linux/sched.h | 10 ++++++++++ | > kernel/fork.c | 3 +++ | > 2 files changed, 13 insertions(+) | > | > Index: linux-2.6/include/linux/sched.h | > =================================================================== | > --- linux-2.6.orig/include/linux/sched.h 2009-10-02 18:53:55.000000000 -0700 | > +++ linux-2.6/include/linux/sched.h 2009-10-02 19:58:21.000000000 -0700 | > @@ -29,6 +29,16 @@ | > #define CLONE_NEWNET 0x40000000 /* New network namespace */ | > #define CLONE_IO 0x80000000 /* Clone io context */ | > | > +#define VALID_CLONE_FLAGS (CSIGNAL | CLONE_VM | CLONE_FS | CLONE_FILES |\ | > + CLONE_SIGHAND | CLONE_PTRACE | CLONE_VFORK |\ | > + CLONE_PARENT | CLONE_THREAD | CLONE_NEWNS |\ | > + CLONE_SYSVSEM | CLONE_SETTLS |\ | > + CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID |\ | > + CLONE_DETACHED | CLONE_UNTRACED |\ | > + CLONE_CHILD_SETTID | CLONE_STOPPED |\ | > + CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWUSER |\ | > + CLONE_NEWPID | CLONE_NEWNET| CLONE_IO) | > + | > /* | > * Scheduling policies | > */ | > Index: linux-2.6/kernel/fork.c | > =================================================================== | > --- linux-2.6.orig/kernel/fork.c 2009-10-02 19:00:08.000000000 -0700 | > +++ linux-2.6/kernel/fork.c 2009-10-02 19:57:36.000000000 -0700 | > @@ -942,6 +942,9 @@ static struct task_struct *copy_process( | > struct task_struct *p; | > int cgroup_callbacks_done = 0; | > | | We can safely apply these tests to clone3(), because it is a new syscall. | | However, I don't know if applying it to clone() can break existing | application that may already be (incorrectly) using invalid flags ? Doing the check in copy_process() seems would apply to all architectures. As for breaking an existing app, there is only one unused flag, 0x00001000 (bw CLONE_SIGHAND and CLONE_PTRACE). If an application could be using that and we don't want to break it, maybe we can add following macro to the VALID_CLONE_FLAGS list ? #define CLONE_UNUSED_BIT 0x00001000 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists