lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 27 Sep 2018 17:35:10 +0200
From:   Jann Horn <jannh@...gle.com>
To:     Cyrill Gorcunov <gorcunov@...il.com>
Cc:     Al Viro <viro@...iv.linux.org.uk>, linux-fsdevel@...r.kernel.org,
        Michal Hocko <mhocko@...nel.org>,
        Oleg Nesterov <oleg@...hat.com>, avagin@...tuozzo.com,
        kernel list <linux-kernel@...r.kernel.org>
Subject: Re: [linux-next] BUG triggered in ptraceme

On Wed, Sep 19, 2018 at 6:13 PM Cyrill Gorcunov <gorcunov@...il.com> wrote:
>
> On Wed, Sep 19, 2018 at 04:16:50PM +0200, Jann Horn wrote:
> ...
> > >
> > > Heh, actually not :) It is due to commit
> > >
> > > commit 1f8266ff58840d698a1e96d2274189de1bdf7969
> > > Author: Jann Horn <jannh@...gle.com>
> > > Date:   Thu Sep 13 18:12:09 2018 +0200
> > >
> > > which introduced might_sleep. Seems it is bad idea to send bug report
> > > without having a cup of coffee at the morning :)
> >
> > Yeah, I fixed one sleep-in-atomic bug and figured I'd throw a
> > might_sleep() in there for good measure... sigh.
> > I guess now I have to go through all the callers of
> > begin_current_label_crit_section() to see what else looks wrong...
> >
>
> Yes, I fear so. Need to check every caller just to be sure.
>
> > apparmor_ptrace_traceme() is wrong, as reported...
> >
> > apparmor_path_link() looks icky, but I'm not sure - from what I can
> > tell, it's called with an i_rwsem held for writing, and that probably
> > makes calling back into filesystem context from there a bad idea?
> > OTOH, it's just the i_rwsem of a newly-created path, so I don't know
> > whether that's actually an issue...
> >
> > security_path_rename() is called with two i_rwsem's held, but again,
> > I'm not sure whether that's a problem.
>
> Lets wait for fs people opinions.

No reply yet - I guess I should just fix up the traceme case for now.

Powered by blists - more mailing lists