Date: Tue, 25 Sep 2018 21:39:53 +0300
From: Cyrill Gorcunov <gorcunov@...il.com>
To: Tong Zhang <ztong@...edu>
Cc: adobriyan@...il.com, akpm@...ux-foundation.org, viro@...iv.linux.org.uk,
    linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
    linux-security-module@...r.kernel.org, wenbo.s@...sung.com
Subject: Re: Leaking path for set_task_comm

On Tue, Sep 25, 2018 at 01:27:08PM -0400, Tong Zhang wrote:
> Kernel Version: 4.18.5
>
> Problem Description:
>
> When using prctl(PR_SET_NAME) to set the thread name, it is checked by security_task_prctl.
>
> We discovered a leaking path that can also use method implemented in
> fs/proc/base.c:1526 comm_write(), to do similar thing without asking LSM’s decision.

I don't understand how it is a problem. Could you please explain?
procfs/comm is created with S_IRUGO|S_IWUSR permissions. So prctl and procfs
are simply different interfaces.
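
The two interfaces discussed in this thread, as an added example that is not part of the original message: a C program that renames the calling (main) thread with prctl(PR_SET_NAME), then by writing /proc/self/comm, and reads the name back with PR_GET_NAME after each step. The helper names and the sample names "via-prctl" and "via-procfs" are made up for the illustration; it assumes Linux with /proc mounted.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <unistd.h>

#define COMM_PATH "/proc/self/comm"   /* comm of the thread-group leader */

/* Read the current name back with PR_GET_NAME (needs a 16-byte buffer). */
static int get_comm(char out[16])
{
    memset(out, 0, 16);
    return prctl(PR_GET_NAME, (unsigned long)out, 0, 0, 0);
}

/* Path 1: prctl(PR_SET_NAME), which the report says is checked by security_task_prctl. */
static int set_comm_prctl(const char *name)
{
    return prctl(PR_SET_NAME, (unsigned long)name, 0, 0, 0);
}

/* Path 2: write to the procfs file, handled by comm_write() in fs/proc/base.c. */
static int set_comm_procfs(const char *name)
{
    int fd = open(COMM_PATH, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t n = write(fd, name, strlen(name));   /* no trailing newline */
    close(fd);
    return n == (ssize_t)strlen(name) ? 0 : -1;
}

/* Permission bits of the procfs file (S_IRUGO|S_IWUSR is 0644); -1 on error. */
static int comm_mode(void)
{
    struct stat st;
    return stat(COMM_PATH, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

int main(void)
{
    char name[16];
    printf("mode of %s: %04o\n", COMM_PATH, comm_mode());
    if (set_comm_prctl("via-prctl") == 0 && get_comm(name) == 0)
        printf("after prctl:  %s\n", name);
    if (set_comm_procfs("via-procfs") == 0 && get_comm(name) == 0)
        printf("after procfs: %s\n", name);
    return 0;
}
```

Anyone writing an LSM policy or audit rule around thread renames can use this to see which of the two paths their hook or rule actually observes.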