lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20100617001114.A90F5403D2@magilla.sf.frob.com>
Date:	Wed, 16 Jun 2010 17:11:14 -0700 (PDT)
From:	Roland McGrath <roland@...hat.com>
To:	Kees Cook <kees.cook@...onical.com>
Cc:	linux-kernel@...r.kernel.org, Randy Dunlap <rdunlap@...otime.net>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Jiri Kosina <jkosina@...e.cz>,
	Dave Young <hidave.darkstar@...il.com>,
	Martin Schwidefsky <schwidefsky@...ibm.com>,
	Oleg Nesterov <oleg@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	David Howells <dhowells@...hat.com>,
	Ingo Molnar <mingo@...e.hu>,
	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	linux-doc@...r.kernel.org
Subject: Re: [PATCH] ptrace: allow restriction of ptrace scope

> Though, honestly, just trying to get rid of PTRACE seems like the better
> place to spend time.

Crushing irony of telling *me* this duly noted.  ;-)
I am not really sure what deeply different set of security constraints
you envision on any other kind of new debugger interface that would be
any different for the concerns you've expressed, though.

> > I don't think "task->pid > 0" is a sort of check that is used elsewhere in
> > the kernel for this.  Perhaps "task == &init_task" would be better.
> 
> Is this correct for pid_ns?  I thought pid 1 (regardless of NS) would have
> a NULL parent?

Don't ask me.  I just mentioned pid_ns to get those who really know about
it to feel obliged to review your code.

> > I suspect you really want to test same_thread_group(walker, current).
> > You don't actually mean to rule out a debugger that forks children with
> > one thread and calls ptrace with another, do you?
> 
> Won't they ultimately have the same parent, though?

Sure, those debugger threads will have the same parent, such as the shell
that spawned the debugger.  But your "security" check is that the caller of
ptrace is a direct ancestor of the tracee.  The ancestry of that ptrace
caller is immaterial.


Thanks,
Roland
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ