| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 18 Jun 2010 16:45:43 +0100 From: David Howells <dhowells@...hat.com> To: Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp> Cc: dhowells@...hat.com, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: [PATCH 2.6.29.6 - 2.6.35-rc3] CRED: Release spinlock before commit_creds(). Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp> wrote: > reparent_to_kthreadd() is calling commit_creds() with tasklist_lock held. > But commit_creds() calls > key_fsuid_changed()/key_fsgid_changed()/proc_id_connector() which may sleep. > Release tasklist_lock before calling commit_creds(). Hmmm... Does this change leave a hole in which the thread can be accessed as it's not locked away, but still has the old credentials? I wonder if we should have an internal CLONE_KTHREAD flag to achieve this in do_fork() rather than daemonize()'ing the thread later. Also, key_fsuid_changed() and key_fsgid_changed() should be skipped in commit_creds() if the thread-keyring pointer in the new creds is not the same as that in the old creds (as will be the case if we're shifting to init_cred), so they shouldn't really be a problem. However, I can't see an easy way around proc_id_connector() sleeping - unless we just don't call it if new == &init_cred in commit_creds(). I suppose it also leaves a hole if we call commit_creds() first, before getting the write_lock()... :-/ David -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists