Message-ID: <20160803204354.GA12989@pc.thejh.net>
Date:	Wed, 3 Aug 2016 22:43:54 +0200
From:	Jann Horn <jann@...jh.net>
To:	Joe Korty <joe.korty@...r.com>
Cc:	"stable@...r.kernel.org" <stable@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] fix mm_access bug in pagemap_read

On Wed, Aug 03, 2016 at 02:58:30PM -0400, Joe Korty wrote:
> On Tue, Aug 02, 2016 at 05:40:48PM -0400, Jann Horn wrote:
> > On Tue, Aug 02, 2016 at 03:26:53PM -0400, Joe Korty wrote:
> > > Hi Jann,
> > > The following linux-4.1.y git commit, y > 17,
> > > 
> > >     Commit caaee6234d05a58c5b4d05e7bf766131b810a657
> > >     Author: Jann Horn <jann@...jh.net>
> > >     Date:   Wed Jan 20 15:00:04 2016 -0800
> > > 
> > >     ptrace: use fsuid, fsgid, effective creds for fs access checks
> > > 
> > > broke linux-4.1.y with the following oops, repeated forever.
> > 
> > >    [   81.122531] ------------[ cut here ]------------
> > >    [   81.127161] WARNING: CPU: 6 PID: 5553 at kernel/ptrace.c:248 __ptrace_may_access+0x18a/0x1a0()
> > >    [   81.135780] denying ptrace access check without PTRACE_MODE_*CREDS
> > 
> > (Nit: That's just a warning, not an oops - it blocks access, but
> > doesn't kill the calling process. But still not good, of course.)
> > 
> > 
> > > The problem is that the above git commit missed one mm_access call
> > > that needed converting.  In this patch, we convert PTRACE_MODE_READ
> > > to PTRACE_MODE_READ_FSCREDS as that seems more correct for pagemap_read
> > > than PTRACE_MODE_READ_REALCREDS.
> > 
> > Yup, PTRACE_MODE_READ_FSCREDS is appropriate here.
> > 
> > 
> > > There may be stable releases other than linux-4.1.y that need this fix.
> > > 
> > > Signed-off-by: Joe Korty <joe.korty@...r.com>
> > > 
> > > Index: b/fs/proc/task_mmu.c
> > > ===================================================================
> > > --- a/fs/proc/task_mmu.c
> > > +++ b/fs/proc/task_mmu.c
> > > @@ -1257,7 +1257,7 @@ static ssize_t pagemap_read(struct file 
> > >  	if (!pm.buffer)
> > >  		goto out_task;
> > >  
> > > -	mm = mm_access(task, PTRACE_MODE_READ);
> > > +	mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
> > >  	ret = PTR_ERR(mm);
> > >  	if (!mm || IS_ERR(mm))
> > >  		goto out_free;
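
Review bot: the changelog should state why the mm_access() call in pagemap_read() takes PTRACE_MODE_READ_FSCREDS rather than PTRACE_MODE_READ_REALCREDS, instead of resting on "seems more correct". The call sits in fs/proc/task_mmu.c and is reached through a read on a procfs file, which is the filesystem-access case that the cited commit ("use fsuid, fsgid, effective creds for fs access checks") assigns to the fs credentials. Because the message says other stable releases may need the fix, a Fixes: line for the commit named in the changelog would also help maintainers of those trees look for the same unconverted call.
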
> > 
> 
> 
> Hi Jann,
> Greg may need an 'Acked-by' from you before he can apply this fix.

Ah, okay. Sure, you can add:

Acked-by: Jann Horn <jann@...jh.net>

> Greg, I just looked at the longterm and the 4.7 releases and it
> appears that only 4.1 and 3.18 need this fix.
