Message-ID: <878skmsbyy.fsf_-_@x220.int.ebiederm.org>
Date:   Fri, 28 Feb 2020 14:17:41 -0600
From:   ebiederm@...ssion.com (Eric W. Biederman)
To:     <linux-kernel@...r.kernel.org>
Cc:     Al Viro <viro@...iv.linux.org.uk>,
        Kernel Hardening <kernel-hardening@...ts.openwall.com>,
        Linux API <linux-api@...r.kernel.org>,
        Linux FS Devel <linux-fsdevel@...r.kernel.org>,
        Linux Security Module <linux-security-module@...r.kernel.org>,
        Akinobu Mita <akinobu.mita@...il.com>,
        Alexey Dobriyan <adobriyan@...il.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Andy Lutomirski <luto@...nel.org>,
        Daniel Micay <danielmicay@...il.com>,
        Djalal Harouni <tixxdz@...il.com>,
        "Dmitry V . Levin" <ldv@...linux.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Ingo Molnar <mingo@...nel.org>,
        "J . Bruce Fields" <bfields@...ldses.org>,
        Jeff Layton <jlayton@...chiereds.net>,
        Jonathan Corbet <corbet@....net>,
        Kees Cook <keescook@...omium.org>,
        Oleg Nesterov <oleg@...hat.com>,
        Alexey Gladkov <gladkov.alexey@...il.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Jeff Dike <jdike@...toit.com>,
        Richard Weinberger <richard@....at>,
        Anton Ivanov <anton.ivanov@...bridgegreys.com>
Subject: [PATCH 0/3] proc: Actually honor the mount options


Proc mount option handling is broken, and it has been since I
accidentally broke it in the middle of 2006.

The problem is that because we perform an internal mount of proc
before user space mounts proc, all of the mount options that the user
specifies when mounting proc are ignored.

You can set those mount options with a remount but that is rather
surprising.

This most directly affects Android, which is using hidepid=2 by default.

Now that the sysctl system call support has been removed, and we have
settled on a way of flushing proc dentries when a process exits without
using proc_mnt, there is a simple and easy fix.

a) Give UML mconsole its own private mount of proc to use.
b) Stop creating the internal mount of proc

We still need Alexey Gladkov's full patch to get proc mount options to
work inside of UML, and to be generally useful.  This set of changes
is just enough to get them working as well as they have in the past.

If anyone sees any problem with this code please let me know.

Otherwise I plan to merge this set of fixes through my tree.

Link: https://lore.kernel.org/lkml/87r21tuulj.fsf@x220.int.ebiederm.org/
Link: https://lore.kernel.org/lkml/871rqk2brn.fsf_-_@x220.int.ebiederm.org/
Link: https://lore.kernel.org/lkml/20200210150519.538333-1-gladkov.alexey@gmail.com/
Link: https://lore.kernel.org/lkml/20180611195744.154962-1-astrachan@google.com/
Fixes: e94591d0d90c ("proc: Convert proc_mount to use mount_ns.")

Eric W. Biederman (3):
      uml: Don't consult current to find the proc_mnt in mconsole_proc
      uml: Create a private mount of proc for mconsole
      proc: Remove the now unnecessary internal mount of proc

 arch/um/drivers/mconsole_kern.c | 28 +++++++++++++++++++++++++++-
 fs/proc/root.c                  | 36 ------------------------------------
 include/linux/pid_namespace.h   |  2 --
 include/linux/proc_ns.h         |  5 -----
 kernel/pid.c                    |  8 --------
 kernel/pid_namespace.c          |  7 -------
 6 files changed, 27 insertions(+), 59 deletions(-)

Eric
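
A check for the failure this message describes (options given when mounting proc silently not taking effect), as an added example that is not part of the original message or the patch series: it parses mountinfo-format text and reports proc mounts whose effective hidepid differs from the requested value. The function names and the sample lines are constructed for illustration.

```python
# Added example: audit the hidepid value actually in effect on proc mounts,
# instead of trusting the options that were passed to mount(8) or fstab.

# Newer kernels print hidepid by name; map names onto the numeric levels.
HIDEPID_NAMES = {"off": 0, "noaccess": 1, "invisible": 2, "ptraceable": 4}

# Constructed sample in /proc/self/mountinfo format (not captured output).
SAMPLE = """\
22 27 0:21 / /proc rw,nosuid,nodev,noexec,relatime shared:13 - proc proc rw
95 27 0:45 / /srv/jail/proc rw,relatime - proc proc rw,hidepid=2
96 27 0:46 / /srv/box/proc rw,relatime - proc proc rw,hidepid=invisible
28 27 0:24 / /sys rw,nosuid - sysfs sysfs rw
"""

def parse_proc_mounts(mountinfo_text):
    """Yield (mount_point, effective_hidepid) for every proc mount."""
    for line in mountinfo_text.splitlines():
        fields = line.split()
        if "-" not in fields:
            continue  # not a well-formed mountinfo line
        sep = fields.index("-")  # separator after the optional fields
        if sep < 6 or len(fields) < sep + 4 or fields[sep + 1] != "proc":
            continue
        # hidepid is a superblock option, but check the per-mount field too.
        options = fields[5].split(",") + fields[sep + 3].split(",")
        level = 0  # hidepid absent means processes are not hidden
        for opt in options:
            if opt.startswith("hidepid="):
                value = opt.split("=", 1)[1]
                # Unknown spellings become None and are always reported.
                level = int(value) if value.isdigit() else HIDEPID_NAMES.get(value)
        yield fields[4], level

def audit(wanted, mountinfo_text):
    """Return the proc mounts whose effective hidepid is not `wanted`."""
    return [(mp, lvl) for mp, lvl in parse_proc_mounts(mountinfo_text) if lvl != wanted]

if __name__ == "__main__":
    for mount_point, level in audit(2, SAMPLE):
        print(f"{mount_point}: hidepid={level}, expected 2")
```

On a live system, pass the contents of /proc/self/mountinfo to `audit()` in place of `SAMPLE`.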
