| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Jun 2016 19:29:34 +0800 From: Zhao Lei <zhaolei@...fujitsu.com> To: <linux-kernel@...r.kernel.org> CC: <containers@...ts.linux-foundation.org>, "Eric W. Biederman" <ebiederm@...ssion.com>, Mateusz Guzik <mguzik@...hat.com>, Kamezawa Hiroyuki <kamezawa.hiroyu@...fujitsu.com>, Zhao Lei <zhaolei@...fujitsu.com> Subject: [PATCH v2 0/3] Write dump into container's filesystem for pipe_type core_pattern In current system, when we set core_pattern to a pipe, both pipe program and program's output are in host's filesystem. But when we set core_pattern to a file, the container will write dump into container's filesystem. For example, when we set following core_pattern: # echo "|/my_dump_pipe %s %c %p %u %g %t e" >/proc/sys/kernel/core_pattern and trigger a segment fault in a container, my_dump_pipe is searched from host's filesystem, and it will write coredump into host's filesystem too. In a privileged container, user can destroy host system by following command: # # In a container # echo "|/bin/dd of=/boot/vmlinuz" >/proc/sys/kernel/core_pattern # make_dump Actually, all operation in a container should not change host's environment, the container should use core_pattern as its private setting. In detail, in core dump action: 1: Search pipe program in container's fs namespace. 2: Run pipe program in container's fs namespace to write coredump to it. I rewrited this patch from origional: http://www.gossamer-threads.com/lists/linux/kernel/2395715?do=post_view_flat and changed the impliment way and function detail discussed in: http://www.gossamer-threads.com/lists/linux/kernel/2397602?nohighlight=1#2397602 Changelog v1->v2: 1: Move path_put() out of spin_lock, suggested by: Al Viro <viro@....linux.org.uk> Changelog RFC->v1: 1: RFC->v1 2: Rebase on top of v4.7-rc2 Changes against previous impliment: 1: Avoid forking thread from the crach process. Suggested-by: Eric W. Biederman <ebiederm@...ssion.com> 2: To keep compatibility with current code, if user hadn't change core_pattern in container, the dump file will still write to the host filesystem. Suggested-by: Eric W. Biederman <ebiederm@...ssion.com> Zhao Lei (3): Save dump_root into pid_namespace Make dump_pipe thread possilbe to select the rootfs Write dump into container's filesystem for pipe_type core_pattern fs/coredump.c | 19 ++++++++++++++++++- fs/fs_struct.c | 25 ++++++++++++++++--------- include/linux/fs_struct.h | 3 ++- include/linux/kmod.h | 4 +++- include/linux/pid_namespace.h | 3 +++ include/linux/sched.h | 5 +++-- init/do_mounts_initrd.c | 3 ++- init/main.c | 4 ++-- kernel/fork.c | 34 ++++++++++++++++++++-------------- kernel/kmod.c | 13 ++++++++----- kernel/kthread.c | 3 ++- kernel/pid.c | 1 + kernel/pid_namespace.c | 6 ++++++ kernel/sysctl.c | 33 +++++++++++++++++++++++++++++---- lib/kobject_uevent.c | 3 ++- security/keys/request_key.c | 2 +- 16 files changed, 118 insertions(+), 43 deletions(-) -- 1.8.5.1
Powered by blists - more mailing lists