lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <BANLkTimw7dV9_aSsrUfzwSdwr6UwZDsRwg@mail.gmail.com>
Date:	Wed, 20 Apr 2011 09:40:57 -0400
From:	Eric Paris <eparis@...isplace.org>
To:	Srikar Dronamraju <srikar@...ux.vnet.ibm.com>
Cc:	Peter Zijlstra <peterz@...radead.org>,
	James Morris <jmorris@...ei.org>, Ingo Molnar <mingo@...e.hu>,
	Steven Rostedt <rostedt@...dmis.org>,
	Linux-mm <linux-mm@...ck.org>,
	Arnaldo Carvalho de Melo <acme@...radead.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Jonathan Corbet <corbet@....net>,
	Christoph Hellwig <hch@...radead.org>,
	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ananth N Mavinakayanahalli <ananth@...ibm.com>,
	Oleg Nesterov <oleg@...hat.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	SystemTap <systemtap@...rces.redhat.com>,
	Jim Keniston <jkenisto@...ux.vnet.ibm.com>,
	Roland McGrath <roland@...k.frob.com>,
	Andi Kleen <andi@...stfloor.org>,
	LKML <linux-kernel@...r.kernel.org>,
	Eric Paris <eparis@...hat.com>, sds@...ho.nsa.gov
Subject: Re: [PATCH v3 2.6.39-rc1-tip 12/26] 12: uprobes: slot allocation for uprobes

On Tue, Apr 19, 2011 at 2:26 AM, Srikar Dronamraju
<srikar@...ux.vnet.ibm.com> wrote:
> * Peter Zijlstra <peterz@...radead.org> [2011-04-18 18:46:11]:
>
>> On Fri, 2011-04-01 at 20:04 +0530, Srikar Dronamraju wrote:

>> > +static int xol_add_vma(struct uprobes_xol_area *area)
>> > +{
>> > +   struct vm_area_struct *vma;
>> > +   struct mm_struct *mm;
>> > +   struct file *file;
>> > +   unsigned long addr;
>> > +   int ret = -ENOMEM;
>> > +
>> > +   mm = get_task_mm(current);
>> > +   if (!mm)
>> > +           return -ESRCH;
>> > +
>> > +   down_write(&mm->mmap_sem);
>> > +   if (mm->uprobes_xol_area) {
>> > +           ret = -EALREADY;
>> > +           goto fail;
>> > +   }
>> > +
>> > +   /*
>> > +    * Find the end of the top mapping and skip a page.
>> > +    * If there is no space for PAGE_SIZE above
>> > +    * that, mmap will ignore our address hint.
>> > +    *
>> > +    * We allocate a "fake" unlinked shmem file because
>> > +    * anonymous memory might not be granted execute
>> > +    * permission when the selinux security hooks have
>> > +    * their way.
>> > +    */
>>
>> That just annoys me, so we're working around some stupid sekurity crap,
>> executable anonymous maps are perfectly fine, also what do JITs do?
>
> Yes, we are working around selinux security hooks, but do we have a
> choice.
>
> James can you please comment on this.

[added myself and stephen, the 2 SELinux maintainers]

This is just wrong.  Anything to 'work around' SELinux in the kernel
is wrong.  SELinux access decisions are determined by policy not by
dirty hacks in the code to subvert any kind of security claims that
policy might hope to enforce.

[side note, security_file_mmap() is the right call if there is a file
or not.  It should just be called security_mmap() but the _file_ has
been around a long time and just never had a need to be changed]

Now how to fix the problems you were seeing.  If you run a modern
system with a GUI I'm willing to bet the pop-up window told you
exactly how to fix your problem.  If you are not on a GUI I accept
it's a more difficult as you most likely don't have the setroubleshoot
tools installed to help you out.  I'm just guess what your problem
was, but I think you have two solutions either:

1) chcon -t unconfined_execmem_t /path/to/your/binary
2) setsebool -P allow_execmem 1

The first will cause the binary to execute in a domain with
permissions to execute anonymous memory, the second will allow all
unconfined domains to execute anonymous memory.

I believe there was a question about how JIT's work with SELinux
systems.  They work mostly by method #1.

I did hear this question though: On a different but related note, how
is the use of uprobes controlled? Does it apply the same checking as
for ptrace?

Thanks guys!  If you have SELinux or LSM problems in the future let me
know.  It's likely the solution is easier than you imagine   ;)

-Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ