| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160412212642.GD12324@mail.hallyn.com>
Date: Tue, 12 Apr 2016 16:26:42 -0500
From: "Serge E. Hallyn" <serge@...lyn.com>
To: Kees Cook <keescook@...omium.org>
Cc: James Morris <jmorris@...ei.org>, Joe Perches <joe@...ches.com>,
Mimi Zohar <zohar@...ux.vnet.ibm.com>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Andrew Morton <akpm@...ux-foundation.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Jonathan Corbet <corbet@....net>,
Kalle Valo <kvalo@...eaurora.org>,
Mauro Carvalho Chehab <mchehab@....samsung.com>,
Guenter Roeck <linux@...ck-us.net>,
Jiri Slaby <jslaby@...e.com>, Paul Moore <pmoore@...hat.com>,
Stephen Smalley <sds@...ho.nsa.gov>,
Casey Schaufler <casey@...aufler-ca.com>,
Andreas Gruenbacher <agruenba@...hat.com>,
Rasmus Villemoes <linux@...musvillemoes.dk>,
Ulf Hansson <ulf.hansson@...aro.org>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org
Subject: Re: [PATCH v4 4/6] Yama: consolidate error reporting
Quoting Kees Cook (keescook@...omium.org):
> Use a common error reporting function for Yama violation reports, and give
> more detail into the process command lines.
>
> Signed-off-by: Kees Cook <keescook@...omium.org>
Acked-by: Serge Hallyn <serge.hallyn@...onical.com>
> ---
> security/yama/yama_lsm.c | 31 +++++++++++++++++++++----------
> 1 file changed, 21 insertions(+), 10 deletions(-)
>
> diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
> index cb6ed10816d4..c19f6e5df9a3 100644
> --- a/security/yama/yama_lsm.c
> +++ b/security/yama/yama_lsm.c
> @@ -18,6 +18,7 @@
> #include <linux/prctl.h>
> #include <linux/ratelimit.h>
> #include <linux/workqueue.h>
> +#include <linux/string_helpers.h>
>
> #define YAMA_SCOPE_DISABLED 0
> #define YAMA_SCOPE_RELATIONAL 1
> @@ -41,6 +42,22 @@ static DEFINE_SPINLOCK(ptracer_relations_lock);
> static void yama_relation_cleanup(struct work_struct *work);
> static DECLARE_WORK(yama_relation_work, yama_relation_cleanup);
>
> +static void report_access(const char *access, struct task_struct *target,
> + struct task_struct *agent)
> +{
> + char *target_cmd, *agent_cmd;
> +
> + target_cmd = kstrdup_quotable_cmdline(target, GFP_KERNEL);
> + agent_cmd = kstrdup_quotable_cmdline(agent, GFP_KERNEL);
> +
> + pr_notice_ratelimited(
> + "ptrace %s of \"%s\"[%d] was attempted by \"%s\"[%d]\n",
> + access, target_cmd, target->pid, agent_cmd, agent->pid);
> +
> + kfree(agent_cmd);
> + kfree(target_cmd);
> +}
> +
> /**
> * yama_relation_cleanup - remove invalid entries from the relation list
> *
> @@ -307,11 +324,8 @@ static int yama_ptrace_access_check(struct task_struct *child,
> }
> }
>
> - if (rc && (mode & PTRACE_MODE_NOAUDIT) == 0) {
> - printk_ratelimited(KERN_NOTICE
> - "ptrace of pid %d was attempted by: %s (pid %d)\n",
> - child->pid, current->comm, current->pid);
> - }
> + if (rc && (mode & PTRACE_MODE_NOAUDIT) == 0)
> + report_access("attach", child, current);
>
> return rc;
> }
> @@ -337,11 +351,8 @@ int yama_ptrace_traceme(struct task_struct *parent)
> break;
> }
>
> - if (rc) {
> - printk_ratelimited(KERN_NOTICE
> - "ptraceme of pid %d was attempted by: %s (pid %d)\n",
> - current->pid, parent->comm, parent->pid);
> - }
> + if (rc)
> + report_access("traceme", current, parent);
>
> return rc;
> }
> --
> 2.6.3
Powered by blists - more mailing lists