lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150315170521.GA2278@moon>
Date:	Sun, 15 Mar 2015 20:05:21 +0300
From:	Cyrill Gorcunov <gorcunov@...il.com>
To:	Davidlohr Bueso <dave@...olabs.net>
Cc:	Oleg Nesterov <oleg@...hat.com>, akpm@...ux-foundation.org,
	viro@...iv.linux.org.uk, koct9i@...il.com, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org, Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH -next v2 0/4] mm: replace mmap_sem for mm->exe_file
 serialization

On Sun, Mar 15, 2015 at 08:42:05AM -0700, Davidlohr Bueso wrote:
> > > > Yes, this code needs cleanups, I agree. Does this series makes it better?
> > > > To me it doesn't, and the diffstat below shows that it blows the code.
> > >
> > > Looking at some of the caller paths now, I have to disagree.
> > 
> > And I believe you are wrong. But let me repeat, I leave this to Cyrill
> > and Konstantin. Cleanups are always subjective.
> > 
> > > > In fact, to me it complicates this code. For example. Personally I think
> > > > that MMF_EXE_FILE_CHANGED should die. And currently we can just remove it.
> > >
> > > How could you remove this?
> > 
> > Just remove this flag and the test_and_set_bit(MMF_EXE_FILE_CHANGED) check.
> > Again, this is subjective, but to me it looks ugly. Why do we allow to
> > change ->exe_file but only once?

This came from very first versions of the functionality implemented
in prctl. It supposed to help sysadmins to notice if there exe
transition happened. As to me it doesn't bring much security, if I
would be a virus I would simply replace executing code with ptrace
or via other ways without telling outside world that i've changed
exe path. That said I would happily rip off this MMF_EXE_FILE_CHANGED
bit but I fear security guys won't be that happy about it.
(CC'ing Kees)

As to series as a "cleanup" in general -- we need to measure that
at least it doesn't bring perf downgrade at least.

> Ok I think I am finally seeing where you are going. And I like it *a
> lot* because it allows us to basically replace mmap_sem with rcu
> (MMF_EXE_FILE_CHANGED being the only user that requires a lock!!), but
> am afraid it might not be possible. I mean currently we have no rule wrt
> to users that don't deal with prctl. 
> 
> Forbidding multiple exe_file changes to be generic would certainly
> change address space semantics, probably for the better (tighter around
> security), but changed nonetheless so users would have a right to
> complain, no? So if we can get away with removing MMF_EXE_FILE_CHANGED
> I'm all for it. Andrew?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ