| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALCETrU3B1fiEQTS8d=w+outfWu3aMjT67LGtStCxYZgvfXomg@mail.gmail.com> Date: Mon, 20 Jun 2016 12:37:44 -0700 From: Andy Lutomirski <luto@...capital.net> To: Andy Lutomirski <luto@...nel.org> Cc: X86 ML <x86@...nel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Kees Cook <keescook@...omium.org>, Borislav Petkov <bp@...en8.de>, Oleg Nesterov <oleg@...hat.com>, Pedro Alves <palves@...hat.com> Subject: Re: [PATCH v2] x86/ptrace: Stop setting TS_COMPAT in ptrace code On Mon, Jun 20, 2016 at 9:29 AM, Andy Lutomirski <luto@...nel.org> wrote: > Setting TS_COMPAT in ptrace is wrong: if we happen to do it during > syscall entry, then we'll confuse seccomp and audit. (The former > isn't a security problem: seccomp is currently entirely insecure if a > malicious ptracer is attached.) As a minimal fix, this patch adds a > new flag TS_I386_REGS_POKED that handles the ptrace special case. > > Cc: Pedro Alves <palves@...hat.com> > Cc: Oleg Nesterov <oleg@...hat.com> > Cc: Kees Cook <keescook@...omium.org> > Signed-off-by: Andy Lutomirski <luto@...nel.org> In case you're interested, my draft followup (definitely not for x86/urgent) is: https://git.kernel.org/cgit/linux/kernel/git/luto/linux.git/commit/?h=x86/vmap_stack&id=50d2f2a9fe1b Pedro, this appears to pass ptrace-tests. I need to try the 64-vs-32 thing, but it's intended to fix it for real. It may not work for in really exotic cases like gdb under UML, but I don't know if we can fix that even in principle. Some day we should expose syscall arch directly via ptrace. --Andy
Powered by blists - more mailing lists