lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 28 Aug 2010 13:35:33 -0700
From:	John Johansen <john.johansen@...onical.com>
To:	Jiri Slaby <jirislaby@...il.com>
CC:	linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: [PATCH 2/4] AppArmor: Fix security_task_setrlimit logic for 2.6.36
 changes

On 08/28/2010 11:15 AM, Jiri Slaby wrote:
> On 08/28/2010 07:10 PM, John Johansen wrote:
>> 2.6.36 introduced the abilitiy to specify the task that is having its
>> rlimits set.  Update mediation to ensure that confined tasks can only
>> set their own group_leader as expected by current policy.
>>
>> Add TODO note about extending policy to support setting other tasks
>> rlimits.
> ...
>> --- a/security/apparmor/resource.c
>> +++ b/security/apparmor/resource.c
> ...
>> @@ -79,18 +80,21 @@ int aa_map_resource(int resource)
>>   *
>>   * Returns: 0 or error code if setting resource failed
>>   */
>> -int aa_task_setrlimit(struct aa_profile *profile, unsigned int resource,
>> -		      struct rlimit *new_rlim)
>> +int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *task,
>> +		      unsigned int resource, struct rlimit *new_rlim)
>>  {
>>  	int error = 0;
>>  
>> -	if (profile->rlimits.mask & (1 << resource) &&
>> -	    new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max)
>> -
>> -		error = audit_resource(profile, resource, new_rlim->rlim_max,
>> -			-EACCES);
>> +	/* TODO: extend resource control to handle non group leader tasks.
>> +	 * AppArmor rules currently have the implicit assumption that
>> +	 * the task having its resource set is the group leader.
> 
> Why would you want to do that? Limits are per process, so the 'task'
> parameter is guaranteed to be the leader.
> 
That used to be the case,

commit c022a0acad534fd5f5d5f17280f6d4d135e74e81 add the prlimit64 syscall
which

    It also adds a possibility of changing limits of other processes. We
    check the user's permissions to do that and if it succeeds, the new
    limits are propagated online. This is good for large scale
    applications such as SAP or databases where administrators need to
    change limits time by time (e.g. on crashes increase core size). And
    it is unacceptable to restart the service.

so it seems we need to extend the apparmor rules to be able to deal with
this, but ensuring that the current assumption is enforced is enough
for now.

thanks
john
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ