| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 2 Sep 2014 10:31:22 +0100 From: Russell King - ARM Linux <linux@....linux.org.uk> To: AKASHI Takahiro <takahiro.akashi@...aro.org> Cc: "linaro-kernel@...ts.linaro.org" <linaro-kernel@...ts.linaro.org>, Kees Cook <keescook@...omium.org>, Catalin Marinas <Catalin.Marinas@....com>, Will Deacon <will.deacon@....com>, LKML <linux-kernel@...r.kernel.org>, "arndb@...db.de" <arndb@...db.de>, Deepak Saxena <dsaxena@...aro.org>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org> Subject: Re: [PATCH v6 2/6] arm64: ptrace: allow tracer to skip a system call On Tue, Sep 02, 2014 at 10:16:22AM +0100, Russell King - ARM Linux wrote: > On Tue, Sep 02, 2014 at 05:47:29PM +0900, AKASHI Takahiro wrote: > > On 09/01/2014 08:47 PM, Russell King - ARM Linux wrote: > >> On Wed, Aug 27, 2014 at 02:55:46PM +0900, AKASHI Takahiro wrote: > >>> 1) > >>> setting x0 to -ENOSYS is necessary because, otherwise, user-issued syscall(-1) will > >>> return a bogus value when audit tracing is on. > >>> > >>> Please note that, on arm, > >>> not traced traced > >>> ------ ------ > >>> syscall(-1) aborted OOPs(BUG_ON) > >>> syscall(-3000) aborted aborted > >>> syscall(1000) ENOSYS ENOSYS > >> > >> Two points here: > >> > >> 1. You've found a case which causes a BUG_ON(). Where is the bug report > >> for this, so the problem can be investigated and resolved? > > > > I think that I mentioned it could also happen on arm somewhere in a talk > > with Will, but don't remember exactly when. > > Sorry, not good enough. Please report this bug so it can be investigated > and fixed. I'm going to go further than this, and tell you that you have been downright irresponsible here, and I'm disgusted by your behaviour over this. You have revealed a potential security problem publically, effectively giving details about how to cause it, but without having first reported it to people who can fix it, nor providing a fix for it. Why is it a security problem? Although it can't be used to gain information, it can be used potentially to deny service. Any user can trace a task which they own, and then set the task's syscall to -1, which according to you results in a kernel oops. If the kernel oops happens while holding any locks, that part of the system becomes non-functional and can result in all userland stopping dead. -- FTTC broadband for 0.8mile line: currently at 9.5Mbps down 400kbps up according to speedtest.net. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists