lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <52B3E221.4000909@canonical.com>
Date:	Thu, 19 Dec 2013 22:22:25 -0800
From:	John Johansen <john.johansen@...onical.com>
To:	Richard Guy Briggs <rgb@...hat.com>,
	Oleg Nesterov <oleg@...hat.com>
CC:	Andrew Morton <akpm@...ux-foundation.org>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Peter Zijlstra <peterz@...radead.org>,
	Eric Paris <eparis@...hat.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] apparmor: remove the "task" arg from may_change_ptraced_domain()

On 12/19/2013 08:36 PM, Richard Guy Briggs wrote:
> On 13/12/18, Oleg Nesterov wrote:
>> On 12/18, Richard Guy Briggs wrote:
>>>
>>> Bcc: rgb@...hat.com
>>> Subject: Re: [PATCH] apparmor: remove the "task" arg from
>>>  may_change_ptraced_domain()
>>> Reply-To:
>>> In-Reply-To: <20130926132519.GY13968@...cap2.tricolour.ca>
>>
>> The subject is empty ;) I changed it to match the above.
> 
> HTH?!?  Thanks for adding it.  (more below...)
> 
>>> On 13/09/26, Richard Guy Briggs wrote:
>>>> On Tue, Sep 24, 2013 at 06:44:42PM +0200, Oleg Nesterov wrote:
>>>>> On 09/23, Richard Guy Briggs wrote:
>>>>>>
>>>>>> On Mon, Sep 16, 2013 at 04:20:35PM +0200, Oleg Nesterov wrote:
>>>>>>> Unless task == current ptrace_parent(task) is not safe even under
>>>>>>> rcu_read_lock() and most of the current users are not right.
>>>>>>
>>>>>> Could you point to an explanation of this?
>>>>>
>>>>> If this task exits before rcu_read_lock() ->parent can point to the
>>>>> already freed/reused memory.
>>>>
>>>> Ok, understood.  So even though the task may have exited, the task
>>>> struct pointer is still valid, but not the contents of the task struct
>>>> to which it points.
>>>
>>> [The thread also relates to the patch
>>> 	"pid: get ppid pid_t of task in init_pid_ns safely"
>>> in which sys_getppid() (which appears safe) is replaced with something that
>>> references the init_pid_ns rather than current's pid_ns.]
>>>
>>> So, in the general case, that call is not safe, and we should at least
>>> remove the task_struct argument.
>>
>> I changed my mind, please see the recent discussion with Paul:
>>
>> 	http://marc.info/?t=138626281900001
>>
>> instead we should document why ptrace_parent() is safe without pid_alive().
> 
> Interesting.  I wasn't aware of pid_alive(), but that would certainly
> help.
> 
>> I hope that the change in apparmor was fine anyway.
> 
> Yes, I'm fine with apparmor change, if it was deemed that the ppid
> wasn't needed.  If it is, then it should use this new task_ppid_nr().
it wasn't needed, changes where made years ago to allow us to get rid of
using the parent pid. Its was left in for a transition period and just
had never been removed.

> Better yet I think to generalize it to anticipate auditd in containers.
> 
yep, that is the way to go

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ