lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 25 Mar 2013 19:11:28 -0600
From:	Ben Woodard <woodard@...hat.com>
To:	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org, roland@...b.com
CC:	Oleg Nesterov <oleg@...hat.com>,
	"Mark A. Grondona" <grondona1@...l.gov>
Subject: [PATCH] Fix child thread's introspection of /proc/self/exe

Allow threads other than the main thread to do introspection of files in 
proc without relying on read permissions. proc_pid_follow_link() calls 
proc_fd_access_allowed() which ultimately calls __ptrace_may_access().

Though this allows additional access to some proc files, we do not 
believe that this has any unintended security implications. However it 
probably needs to be looked at carefully.

The original problem was a thread of a process whose permissions were 
111 couldn't open its own /proc/self/exe This was interfering with a 
special purpose debugging tool. A simple reproducer is below.:

#include <pthread.h>
#include <unistd.h>
#include <stdio.h>
#include <errno.h>
#include <stdlib.h>
#include <sys/types.h>

#define BUFSIZE 2048

void *thread_main(void *arg){
   char *str=(char*)arg;
   char buf[BUFSIZE];
   ssize_t len=readlink("/proc/self/exe", buf, BUFSIZE);
   if(len==-1)
     printf("/proc/self/exe in %s: %s\n", str,sys_errlist[errno]);
   else
     printf("/proc/self/exe in %s: OK\n", str);

   return 0;
}

int main(){
   pthread_t thread;

   int retval=pthread_create( &thread, NULL, thread_main, "thread");
   if(retval!=0)
     exit(1);

   thread_main("main");
   pthread_join(thread, NULL);

   exit(0);
}

Signed-off-by: Ben Woodard <woodard@...hat.com>
Signed-off-by: Mark Grondona <mgrondona@...l.gov>
---
  kernel/ptrace.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index acbd284..347c4c7 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -234,7 +234,7 @@ static int __ptrace_may_access(struct task_struct 
*task, unsigned int mode)
          */
         int dumpable = 0;
         /* Don't let security modules deny introspection */
-       if (task == current)
+       if (same_thread_group(task, current))
                 return 0;
         rcu_read_lock();
         tcred = __task_cred(task);
-- 
1.8.1.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ