lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20161109070238.GA1870@uranus.lan>
Date:   Wed, 9 Nov 2016 10:02:38 +0300
From:   Cyrill Gorcunov <gorcunov@...il.com>
To:     Josh Triplett <josh@...htriplett.org>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Kees Cook <keescook@...omium.org>,
        Johannes Weiner <hannes@...xchg.org>,
        Arnd Bergmann <arnd@...db.de>, Ingo Molnar <mingo@...nel.org>,
        Andy Lutomirski <luto@...nel.org>,
        Petr Mladek <pmladek@...e.com>,
        Thomas Garnier <thgarnie@...gle.com>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        Nicolas Pitre <nicolas.pitre@...aro.org>,
        Zefan Li <lizefan@...wei.com>,
        Li Bin <huawei.libin@...wei.com>,
        "Eric W. Biederman" <ebiederm@...ssion.com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Ralf Baechle <ralf@...ux-mips.org>,
        Alex Thorlton <athorlton@....com>,
        Michal Hocko <mhocko@...e.com>,
        Mateusz Guzik <mguzik@...hat.com>,
        John Stultz <john.stultz@...aro.org>,
        Al Viro <viro@...iv.linux.org.uk>, Zach Brown <zab@...hat.com>,
        Anna Schumaker <Anna.Schumaker@...app.com>,
        Dave Hansen <dave.hansen@...el.com>,
        linux-kernel@...r.kernel.org, linux-api@...r.kernel.org
Subject: Re: [PATCH 1/2] kernel: Move prctl and helpers from kernel/sys.c to
 new kernel/prctl.c

On Tue, Nov 08, 2016 at 04:18:13PM -0800, Josh Triplett wrote:
> This prepares for making prctl optional.
> 
> Signed-off-by: Josh Triplett <josh@...htriplett.org>
> +
...
> +static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd)
> +{
> +	struct fd exe;
> +	struct file *old_exe, *exe_file;
> +	struct inode *inode;
> +	int err;
> +
> +	exe = fdget(fd);
> +	if (!exe.file)
> +		return -EBADF;
> +
> +	inode = file_inode(exe.file);
> +
> +	/*
> +	 * Because the original mm->exe_file points to executable file, make
> +	 * sure that this one is executable as well, to avoid breaking an
> +	 * overall picture.
> +	 */
> +	err = -EACCES;
> +	if (!S_ISREG(inode->i_mode) || path_noexec(&exe.file->f_path))
> +		goto exit;
> +
> +	err = inode_permission(inode, MAY_EXEC);
> +	if (err)
> +		goto exit;
> +
> +	/*
> +	 * Forbid mm->exe_file change if old file still mapped.
> +	 */
> +	exe_file = get_mm_exe_file(mm);
> +	err = -EBUSY;
> +	if (exe_file) {
> +		struct vm_area_struct *vma;
> +
> +		down_read(&mm->mmap_sem);
> +		for (vma = mm->mmap; vma; vma = vma->vm_next) {
> +			if (!vma->vm_file)
> +				continue;
> +			if (path_equal(&vma->vm_file->f_path,
> +				       &exe_file->f_path))
> +				goto exit_err;
> +		}
> +
> +		up_read(&mm->mmap_sem);
> +		fput(exe_file);
> +	}
> +
> +	/*
> +	 * The symlink can be changed only once, just to disallow arbitrary
> +	 * transitions malicious software might bring in. This means one
> +	 * could make a snapshot over all processes running and monitor
> +	 * /proc/pid/exe changes to notice unusual activity if needed.
> +	 */
> +	err = -EPERM;
> +	if (test_and_set_bit(MMF_EXE_FILE_CHANGED, &mm->flags))
> +		goto exit;

IIRC this snippet has been dropped in linux-next tree. Stas CC'ed.
The rest looks cool for me. Thanks!

Reviewed-by: Cyrill Gorcunov <gorcunov@...nvz.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ