lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Thu, 31 Aug 2017 21:04:27 +0200
From:   Michał Mirosław <mirq-linux@...e.qmqm.pl>
To:     Ingo Molnar <mingo@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Oleg Nesterov <oleg@...hat.com>,
        "Eric W. Biederman" <ebiederm@...ssion.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Frederic Weisbecker <fweisbec@...il.com>,
        Stephen Smalley <sds@...ho.nsa.gov>,
        Pavel Tikhomirov <ptikhomirov@...tuozzo.com>,
        Stanislav Kinsburskiy <skinsbursky@...tuozzo.com>
Cc:     linux-kernel@...r.kernel.org (open list)
Subject: [PATCH] prctl: prepare for bigger TASK_COMM_LEN

Linux prctl(PR_SET/GET_NAME) is documented and assumed to use 16-byte
fixed-size buffers for thread name. There is /proc/[pid]/comm interface
that has no such limit.

This is one step to removing TASK_COMM_LEN 16-byte limit.

Signed-off-by: Michał Mirosław <mirq-linux@...e.qmqm.pl>
---
 kernel/sys.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/kernel/sys.c b/kernel/sys.c
index 8a94b4eabcaa..2c040968d064 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -2093,6 +2093,8 @@ static int propagate_has_child_subreaper(struct task_struct *p, void *data)
 	return 1;
 }
 
+#define PRCTL_TASK_COMM_LEN 16	// Linux prctl(PR_*_NAME) ABI
+
 SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
 		unsigned long, arg4, unsigned long, arg5)
 {
@@ -2100,6 +2102,8 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
 	unsigned char comm[sizeof(me->comm)];
 	long error;
 
+	BUILD_BUG_ON(sizeof(comm) < PRCTL_TASK_COMM_LEN);
+
 	error = security_task_prctl(option, arg2, arg3, arg4, arg5);
 	if (error != -ENOSYS)
 		return error;
@@ -2153,16 +2157,17 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
 			error = -EINVAL;
 		break;
 	case PR_SET_NAME:
-		comm[sizeof(me->comm) - 1] = 0;
+		comm[PRCTL_TASK_COMM_LEN - 1] = 0;
 		if (strncpy_from_user(comm, (char __user *)arg2,
-				      sizeof(me->comm) - 1) < 0)
+				      PRCTL_TASK_COMM_LEN - 1) < 0)
 			return -EFAULT;
 		set_task_comm(me, comm);
 		proc_comm_connector(me);
 		break;
 	case PR_GET_NAME:
 		get_task_comm(comm, me);
-		if (copy_to_user((char __user *)arg2, comm, sizeof(comm)))
+		comm[PRCTL_TASK_COMM_LEN - 1] = 0;
+		if (copy_to_user((char __user *)arg2, comm, strlen(comm) + 1))
 			return -EFAULT;
 		break;
 	case PR_GET_ENDIAN:
-- 
2.11.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ