lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Fri, 22 Apr 2011 16:19:31 -0700 (PDT)
From:	David Rientjes <rientjes@...gle.com>
To:	J Freyensee <james_p_freyensee@...ux.intel.com>
cc:	Greg KH <gregkh@...e.de>,
	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org, suhail.ahmed@...el.com,
	christophe.guerard@...el.com
Subject: Re: [PATCH] export kernel call get_task_comm().

On Fri, 22 Apr 2011, J Freyensee wrote:

> I'll do whatever is best and easiest for you and will bring a close to
> my submission attempts.  I can also just go into the Kconfig where the
> pti driver is configured and just make the selection bool, yes or no,
> and not make it an option to compile this modularly.  Then I'll drop
> this patch all together.  This is the whole reason why I'm making this
> change.  I don't have to have the pti driver as a module, just more
> convenient.  And within the fs/exec.c it states reads to 'current->comm'
> without a lock is safe.
> 

It's safe to read current->comm without holding task_lock(current), but it 
may be corrupted by a concurrent write via /proc/pid-of-current/comm, 
which could result in garbage where you'd expect the name of the thread.  
That doesn't sound very clean to me and adds more incentive to implement 
some finer-grained protection like a seqlock specifically for tsk->comm.

If /proc/pid/comm is really that important and we can't get away with the 
long-standing prctl(PR_SET_NAME), then you need to protect the string 
somehow and I'm quite surprised this wasn't required before writing other 
threads' comm was allowed.

If you can get away with task_lock(current) in your driver, then great, 
export the symbol and use it, but we have hundreds of racy reads to a 
thread's comm all over the kernel.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ