Message-Id: <20120319154649.0687f545.akpm@linux-foundation.org>
Date: Mon, 19 Mar 2012 15:46:49 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: richard -rw- weinberger <richard.weinberger@...il.com>
Cc: Cyrill Gorcunov <gorcunov@...nvz.org>,
LKML <linux-kernel@...r.kernel.org>,
Oleg Nesterov <oleg@...hat.com>,
KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>,
Pavel Emelyanov <xemul@...allels.com>,
Kees Cook <keescook@...omium.org>, Tejun Heo <tj@...nel.org>,
Matt Helsley <matthltc@...ibm.com>
Subject: Re: [patch 1/2] c/r: prctl: Add ability to set new mm_struct::exe_file

On Mon, 19 Mar 2012 23:41:36 +0100
richard -rw- weinberger <richard.weinberger@...il.com> wrote:
> On Mon, Mar 19, 2012 at 11:39 PM, Cyrill Gorcunov <gorcunov@...nvz.org> wrote:
> > On Mon, Mar 19, 2012 at 03:15:07PM -0700, Andrew Morton wrote:
> > ...
> >> >
> >> > Also this action is one-shot only. For security reason
> >> > we don't allow to change the symlink several times.
> >>
> >> What is this mysterious "security reason"?
> >>
> >
> > Oh, sorry I should have included Matt's comment here

Please send a patch with the updated changelog and improved comment?

> >
> > Actually I liked multi-shot version more but Matt's arguments convinced
> > me that one-shot fashion is more "secure" in terms of overall kernel
> > state and potential transitions/changes of this /proc/pid/exe symlink.
> >
> > At least with one-shot version the admin may be sure that the symlink
> > is never changed more than once, ever.
> >
>
> And changing it once does not harm security?
> I'm sure that rootkit writers will like this feature...

Well, let's discuss this more completely. In what ways could an
attacker use this? How serious is the problem? What actions can be
taken to lessen it? etcetera.