| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 Feb 2012 00:25:38 +0400
From: Cyrill Gorcunov <gorcunov@...nvz.org>
To: Vasiliy Kulikov <segoon@...nwall.com>,
Oleg Nesterov <oleg@...hat.com>
Cc: "Eric W. Biederman" <ebiederm@...ssion.com>,
Pavel Emelyanov <xemul@...allels.com>,
Andrey Vagin <avagin@...nvz.org>,
KOSAKI Motohiro <kosaki.motohiro@...il.com>,
Ingo Molnar <mingo@...e.hu>, "H. Peter Anvin" <hpa@...or.com>,
Thomas Gleixner <tglx@...utronix.de>,
Glauber Costa <glommer@...allels.com>,
Andi Kleen <andi@...stfloor.org>, Tejun Heo <tj@...nel.org>,
Matt Helsley <matthltc@...ibm.com>,
Pekka Enberg <penberg@...nel.org>,
Eric Dumazet <eric.dumazet@...il.com>,
Alexey Dobriyan <adobriyan@...il.com>, Valdis.Kletnieks@...edu,
Michal Marek <mmarek@...e.cz>,
Frederic Weisbecker <fweisbec@...il.com>,
Andrew Morton <akpm@...ux-foundation.org>,
linux-kernel@...r.kernel.org
Subject: Re: + syscalls-x86-add-__nr_kcmp-syscall-v8.patch added to -mm tree
On Thu, Feb 16, 2012 at 12:05:33AM +0400, Cyrill Gorcunov wrote:
> On Wed, Feb 15, 2012 at 11:57:33PM +0400, Vasiliy Kulikov wrote:
> > >
> > > This makes me scratch the head ;) I think ptrace_may_access (or
> > > some other security test) should remain since it's somehow weird
> > > if non-root task will be able to find objects order from privileged
> > > task. Thus I need to find a way how to handle execve(setuid_app).
> > > Need to think...
> >
> > Look at fs/proc/base.c:lock_trace() - it locks ->cred_guard_mutex
> > for the whole period of time when it uses a resource.
>
> Yup, thanks Vasiliy! I've just found cred_guard_mutex in
> install_exec_creds. Now I'm thinking if this is what we
> need here ;)
>
Something like below I think (not yet tested, overall update).
Cyrill
---
diff -u linux-2.6.git/kernel/kcmp.c linux-2.6.git/kernel/kcmp.c
--- linux-2.6.git/kernel/kcmp.c
+++ linux-2.6.git/kernel/kcmp.c
@@ -44,20 +44,34 @@
static struct file *
get_file_raw_ptr(struct task_struct *task, unsigned int idx)
{
- struct fdtable *fdt;
- struct file *file;
+ struct file *file = NULL;
- spin_lock(&task->files->file_lock);
- fdt = files_fdtable(task->files);
- if (idx < fdt->max_fds)
- file = fdt->fd[idx];
- else
- file = NULL;
- spin_unlock(&task->files->file_lock);
+ task_lock(task);
+ rcu_read_lock();
+
+ if (task->files)
+ file = fcheck_files(task->files, idx);
+
+ rcu_read_unlock();
+ task_unlock(task);
return file;
}
+static int may_access(struct task_struct *task)
+{
+ int err = mutex_lock_killable(&task->signal->cred_guard_mutex);
+ if (err)
+ return err;
+
+ if (!ptrace_may_access(task, PTRACE_MODE_READ)) {
+ mutex_unlock(&task->signal->cred_guard_mutex);
+ return -EPERM;
+ }
+
+ return 0;
+}
+
SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type,
unsigned long, idx1, unsigned long, idx2)
{
@@ -82,11 +96,12 @@
/*
* One should have enough rights to inspect task details.
*/
- if (!ptrace_may_access(task1, PTRACE_MODE_READ) ||
- !ptrace_may_access(task2, PTRACE_MODE_READ)) {
- ret = -EACCES;
+ ret = may_access(task1);
+ if (ret)
goto err;
- }
+ ret = may_access(task2);
+ if (ret)
+ goto err_unlock;
switch (type) {
case KCMP_FILE: {
@@ -130,6 +145,9 @@
break;
}
+ mutex_unlock(&task2->signal->cred_guard_mutex);
+err_unlock:
+ mutex_unlock(&task1->signal->cred_guard_mutex);
err:
put_task_struct(task1);
put_task_struct(task2);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists