| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALCETrVPJGG212ZBYXAZzXTzHZY9gAHppBdAya708Y=uZJEsVg@mail.gmail.com> Date: Mon, 25 Jul 2016 17:21:15 -0700 From: Andy Lutomirski <luto@...capital.net> To: Ingo Molnar <mingo@...nel.org> Cc: Pedro Alves <palves@...hat.com>, Oleg Nesterov <oleg@...hat.com>, Kees Cook <keescook@...omium.org>, Borislav Petkov <bp@...en8.de>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, X86 ML <x86@...nel.org> Subject: Re: [PATCH v3 1/3] x86/ptrace: Stop setting TS_COMPAT in ptrace code On Mon, Jul 25, 2016 at 9:57 AM, Andy Lutomirski <luto@...capital.net> wrote: > On Jul 24, 2016 11:38 PM, "Ingo Molnar" <mingo@...nel.org> wrote: >> >> >> * Andy Lutomirski <luto@...capital.net> wrote: >> >> > On Mon, Jun 20, 2016 at 4:39 PM, Andy Lutomirski <luto@...nel.org> wrote: >> > > Setting TS_COMPAT in ptrace is wrong: if we happen to do it during >> > > syscall entry, then we'll confuse seccomp and audit. (The former >> > > isn't a security problem: seccomp is currently entirely insecure if a >> > > malicious ptracer is attached.) As a minimal fix, this patch adds a >> > > new flag TS_I386_REGS_POKED that handles the ptrace special case. >> > >> > Hi Ingo- >> > >> > Could you apply this one patch for 4.8? While I don't think it's a >> > significant security issue in 4.7 or earlier, leaving it unfixed in >> > 4.8 will introduce a potentially unpleasant interaction with some >> > seccomp changes that are queued up in the >> > security tree for 4.8. >> > >> > It will have a trivially-resolvable conflict with -mm. >> > >> > The rest of the series this is in can wait. >> >> I don't mind the rest of the series either - could you please repost it (with the >> review feedback addressed)? > > I'm nervous about it for a couple reasons involving the fact that it's > user visible. > > 1. It doesn't make gdb work right in all the cases that gdb currently > gets wrong. I haven't had time to think about whether there's a > minimal tweak that would fix this. After re-reading the whole thread, I think that the rest of the series needs a good self-test to make sure that we're providing whatever behavior we think we're providing. So I really don't what to apply it yet. --Andy
Powered by blists - more mailing lists