| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87tv32cxmf.fsf_-_@x220.int.ebiederm.org>
Date: Thu, 05 Mar 2020 15:14:48 -0600
From: ebiederm@...ssion.com (Eric W. Biederman)
To: Bernd Edlinger <bernd.edlinger@...mail.de>
Cc: Christian Brauner <christian.brauner@...ntu.com>,
Kees Cook <keescook@...omium.org>,
Jann Horn <jannh@...gle.com>, Jonathan Corbet <corbet@....net>,
Alexander Viro <viro@...iv.linux.org.uk>,
Andrew Morton <akpm@...ux-foundation.org>,
Alexey Dobriyan <adobriyan@...il.com>,
Thomas Gleixner <tglx@...utronix.de>,
Oleg Nesterov <oleg@...hat.com>,
Frederic Weisbecker <frederic@...nel.org>,
Andrei Vagin <avagin@...il.com>,
Ingo Molnar <mingo@...nel.org>,
"Peter Zijlstra \(Intel\)" <peterz@...radead.org>,
Yuyang Du <duyuyang@...il.com>,
David Hildenbrand <david@...hat.com>,
Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
Anshuman Khandual <anshuman.khandual@....com>,
David Howells <dhowells@...hat.com>,
James Morris <jamorris@...ux.microsoft.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Shakeel Butt <shakeelb@...gle.com>,
Jason Gunthorpe <jgg@...pe.ca>,
Christian Kellner <christian@...lner.me>,
Andrea Arcangeli <aarcange@...hat.com>,
Aleksa Sarai <cyphar@...har.com>,
"Dmitry V. Levin" <ldv@...linux.org>,
"linux-doc\@vger.kernel.org" <linux-doc@...r.kernel.org>,
"linux-kernel\@vger.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-fsdevel\@vger.kernel.org" <linux-fsdevel@...r.kernel.org>,
"linux-mm\@kvack.org" <linux-mm@...ck.org>,
"stable\@vger.kernel.org" <stable@...r.kernel.org>,
"linux-api\@vger.kernel.org" <linux-api@...r.kernel.org>
Subject: [PATCH 0/2] Infrastructure to allow fixing exec deadlocks
Bernd, everyone
This is how I think the infrastructure change should look that makes way
for fixing this issue.
- Correct the point of no return.
- Add a new mutex to replace cred_guard_mutex
Then I think it is just going through the existing
users of cred_guard_mutex and fixing them to use the new one.
There really aren't that many users of cred_guard_mutex so we should be
able to get through the easy ones fairly quickly. And anything that
isn't easy we can wait until we have a good fix.
The users of cred_guard_mutex that I saw were:
fs/proc/base.c:
proc_pid_attr_write
do_io_accounting
proc_pid_stack
proc_pid_syscall
proc_pid_personality
perf_event_open
mm_access
kcmp
pidfd_fget
seccomp_set_mode_filter
Bernd does this make sense to you?
I think we can fix the seccomp/no_new_privs issue with some careful
refactoring. We can probably do the same for ptrace but that appears
to need a little lsm bug fixing.
My goal here is to allow us to fix the uncontroversial easy bits. While
still allowing the difficult tricky bits to be fixed.
Eric W. Biederman (2):
exec: Properly mark the point of no return
exec: Add a exec_update_mutex to replace cred_guard_mutex
fs/exec.c | 11 ++++++++---
include/linux/binfmts.h | 7 ++++++-
include/linux/sched/signal.h | 9 ++++++++-
kernel/fork.c | 1 +
4 files changed, 23 insertions(+), 5 deletions(-)
Eric
Powered by blists - more mailing lists