Message-ID: <20160802214048.GA9770@pc.thejh.net>
Date: Tue, 2 Aug 2016 23:40:48 +0200
From: Jann Horn <jann@...jh.net>
To: Joe Korty <joe.korty@...r.com>
Cc: stable@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] fix mm_access bug in pagemap_read

On Tue, Aug 02, 2016 at 03:26:53PM -0400, Joe Korty wrote:
> Hi Jann,
> The following linux-4.1.y git commit, y > 17,
>
> Commit caaee6234d05a58c5b4d05e7bf766131b810a657
> Author: Jann Horn <jann@...jh.net>
> Date: Wed Jan 20 15:00:04 2016 -0800
>
> ptrace: use fsuid, fsgid, effective creds for fs access checks
>
> broke linux-4.1.y with the following oops, repeated forever.
> [ 81.122531] ------------[ cut here ]------------
> [ 81.127161] WARNING: CPU: 6 PID: 5553 at kernel/ptrace.c:248 __ptrace_may_access+0x18a/0x1a0()
> [ 81.135780] denying ptrace access check without PTRACE_MODE_*CREDS

(Nit: That's just a warning, not an oops - it blocks access, but
doesn't kill the calling process. But still not good, of course.)

> The problem is that the above git commit missed one mm_access call
> that needed converting. In this patch, we convert PTRACE_MODE_READ
> to PTRACE_MODE_READ_FSCREDS as that seems more correct for pagemap_read
> than PTRACE_MODE_READ_REALCREDS.

Yup, PTRACE_MODE_READ_FSCREDS is appropriate here.

> There may be stable releases other than linux-4.1.y that need this fix.
>
> Signed-off-by: Joe Korty <joe.korty@...r.com>
>
> Index: b/fs/proc/task_mmu.c
> ===================================================================
> --- a/fs/proc/task_mmu.c
> +++ b/fs/proc/task_mmu.c
> @@ -1257,7 +1257,7 @@ static ssize_t pagemap_read(struct file
> if (!pm.buffer)
> goto out_task;
>
> - mm = mm_access(task, PTRACE_MODE_READ);
> + mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
> ret = PTR_ERR(mm);
> if (!mm || IS_ERR(mm))
> goto out_free;
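
Review bot: The changelog for this one-line change to the mm_access() call in pagemap_read should identify the fix more precisely for whoever applies it. Add a "Fixes:" line naming caaee6234d05a58c5b4d05e7bf766131b810a657, the commit the message says missed this call, and replace "There may be stable releases other than linux-4.1.y that need this fix" with the trees in which pagemap_read still passes a bare PTRACE_MODE_READ. The quoted log is a WARNING at kernel/ptrace.c:248, so the description should call it a warning rather than an oops. The choice of PTRACE_MODE_READ_FSCREDS over PTRACE_MODE_READ_REALCREDS is justified only as "seems more correct"; one sentence noting that pagemap_read lives in fs/proc/task_mmu.c and serves a read on a /proc file, the "fs access checks" case in the named commit's subject line, would make the reasoning explicit.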