lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Feb 2014 20:00:07 +0100 From: Oleg Nesterov <oleg@...hat.com> To: Steven Rostedt <rostedt@...dmis.org> Cc: LKML <linux-kernel@...r.kernel.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Andrew Morton <akpm@...ux-foundation.org>, Al Viro <viro@...IV.linux.org.uk>, David Smith <dsmith@...hat.com>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, Igor Zhbanov <i.zhbanov@...sung.com>, Christoph Hellwig <hch@...radead.org>, Paul Menage <menage@...gle.com> Subject: Re: [RFC][PATCH] exec: Fix use after free of tracepoint trace_sched_process_exec On 02/04, Steven Rostedt wrote: > > Now to fix this we need to save the filename before calling > search_binary_handler(). But we don't want to save it if we are not > tracing. Why slow everyone else down? Yes, but it would be much simpler to dup filename unconditionally. Note also that in this case we can kill linux_binprm->tcomm[] and simplify filename_to_taskname(). > This works, but is rather ugly. Yes ;) > Looking for any other suggestions here. Perhaps we can change flush_old_exec() to do if (!current->mm) { bprm->filename = kstrdup(bprm->filename); if (bprm->filename) bprm->filename_was_dupped = true; // for free_bprm() else bprm->filename = "//enomem"; } This won't penalize the normal exec, and this should fix the problem afaics. Perhaps, instead of "//enomem" flush_old_exec() should simply fail, in this case we can kill bprm->tcomm[] too. Oleg. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists