lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALCETrW3gnXjUqvm-jNZq6k_qSnTN5=VNRCp+gNC+t2YtBBMYQ@mail.gmail.com>
Date:	Thu, 22 Aug 2013 11:29:12 -0700
From:	Andy Lutomirski <luto@...capital.net>
To:	Oleg Nesterov <oleg@...hat.com>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Brad Spengler <spender@...ecurity.net>,
	Colin Walters <walters@...hat.com>,
	Pavel Emelyanov <xemul@...allels.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 3/3] fork: unify and tighten up CLONE_NEWUSER/CLONE_NEWPID checks

On Thu, Aug 22, 2013 at 11:15 AM, Oleg Nesterov <oleg@...hat.com> wrote:
> On 08/22, Andy Lutomirski wrote:
>>
>> On Thu, Aug 22, 2013 at 10:10 AM, Oleg Nesterov <oleg@...hat.com> wrote:
>> > do_fork() denies CLONE_THREAD | CLONE_PARENT if NEWUSER | NEWPID.
>> >
>> > Then later copy_process() denies CLONE_SIGHAND if the new process
>> > will be in a different pid namespace (task_active_pid_ns() doesn't
>> > match current->nsproxy->pid_ns).
>> >
>> > This looks confusing and inconsistent. CLONE_NEWPID is very similar
>> > to the case when ->pid_ns was already unshared, we want the same
>> > restrictions so copy_process() should also nack CLONE_PARENT.
>> >
>> > And it would be better to deny CLONE_NEWUSER && CLONE_SIGHAND as
>> > well just for consistency.
>> >
>> > Kill the "CLONE_NEWUSER | CLONE_NEWPID" check in do_fork() and
>> > change copy_process() to the same check along with nsproxy->pid_ns
>> > we already have.
>>
>> Did the old code actually prevent clone(CLONE_PARENT | CLONE_NEWPID)?
>> The new code explicitly does, and that looks like a good thing.
>
>
> Yes. Before this patch do_fork() did:
>
>         if (clone_flags & (CLONE_NEWUSER | CLONE_NEWPID)) {
>                 if (clone_flags & (CLONE_THREAD|CLONE_PARENT))
>                         return -EINVAL;
>         }
>
> however, let me repeat, CLONE_PARENT after unshare(CLONE_NEWPID) was
> allowed. With this patch CLONE_PARENT is nacked in both cases.
>

Is this -stable-worthy?

--Andy


> Oleg.
>



-- 
Andy Lutomirski
AMA Capital Management, LLC
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ