Date:   Tue, 8 May 2018 15:39:20 -0700
From:   Andrew Morton <akpm@...ux-foundation.org>
To:     Alexey Dobriyan <adobriyan@...il.com>
Cc:     linux-kernel@...r.kernel.org
Subject: Re: [PATCH] proc: test /proc/*/fd a bit (+ PF_KTHREAD is ABI!)

On Sat, 5 May 2018 03:04:14 +0300 Alexey Dobriyan <adobriyan@...il.com> wrote:

> * Test lookup in /proc/self/fd.
>   "map_files" lookup story showed that lookup is not that simple.
> 
> * Test that all those symlinks open the same file.
>   Check with (st_dev, st_ino).
> 
> * Test that kernel threads do not have anything in their /proc/*/fd/
>   directory.
> 
> Now this is where things get interesting.
> 
> First, kernel threads aren't pinned by /proc/self or equivalent,
> thus some "atomicity" is required.
> 
> Second, ->comm can contain whitespace and ')'.
> No, they are not escaped.
> 
> Third, the only reliable way to check if process is kernel thread
> appears to be field #9 in /proc/*/stat.
> 
> This field is struct task_struct::flags in decimal!
> Check is done by testing PF_KTHREAD flags like we do in kernel.
> 
> 	PF_KTHREAD value is a part of userspace ABI !!!

erk.  Well if there's a need then we could export and support some
stable interface.  I wonder how ps determines this.


> Other methods for determining kernel threadness are not reliable:
> * RSS can be 0 if everything is swapped, even while reading
>   from /proc/self.
> 
> * ->total_vm CAN BE ZERO if process is finishing
> 
> 	munmap(NULL, whole address space);
> 
> * /proc/*/maps and similar files can be empty because unmapping
>   everything works. Read returning 0 can't distinguish between
>   kernel thread and such suicide process.
> 
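
The check described in the quoted message (field #9 of /proc/*/stat tested against PF_KTHREAD, with an unescaped ->comm), as an added example that is not part of the thread or of the posted patch. The function names and both sample lines are constructed for illustration; the PF_KTHREAD value is the one in include/linux/sched.h.

```c
#include <stdio.h>
#include <string.h>

/* PF_KTHREAD as defined in include/linux/sched.h (assumed unchanged). */
#define PF_KTHREAD 0x00200000UL

/* Constructed sample lines, truncated after field 9. */
static const char SAMPLE_KTHREAD[] = "2 (kthreadd) S 0 0 0 0 -1 2129984";
/* comm is "a) S 2 0": it holds spaces and ')' and is not escaped. */
static const char SAMPLE_TRICKY[] = "4321 (a) S 2 0) R 1 4321 4321 0 -1 4194304";

/* Returns 1 for a kernel thread, 0 for a user task, -1 on parse error. */
int stat_is_kthread(const char *line)
{
	/* Every field after comm is numeric or a single state letter, so
	 * the last ')' in the line is the one that closes comm. */
	const char *p = strrchr(line, ')');
	unsigned long flags;
	char state;

	if (!p)
		return -1;
	/* Fields 3..9: state ppid pgrp session tty_nr tpgid flags */
	if (sscanf(p + 1, " %c %*d %*d %*d %*d %*d %lu", &state, &flags) != 2)
		return -1;
	return (flags & PF_KTHREAD) ? 1 : 0;
}

/* Read /proc/<pid>/stat once and classify the task from that snapshot. */
int pid_is_kthread(int pid)
{
	char path[64], buf[1024];
	size_t n;
	FILE *f;

	snprintf(path, sizeof(path), "/proc/%d/stat", pid);
	f = fopen(path, "r");
	if (!f)
		return -1; /* the task may have exited already */
	n = fread(buf, 1, sizeof(buf) - 1, f);
	fclose(f);
	buf[n] = '\0';
	return stat_is_kthread(buf);
}

int main(void)
{
	printf("kthreadd: %d\n", stat_is_kthread(SAMPLE_KTHREAD));
	printf("tricky comm: %d\n", stat_is_kthread(SAMPLE_TRICKY));
	return 0;
}
```

Splitting on the first ')' or on whitespace would misread the second sample, taking part of comm as the state and ppid fields.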
