lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200324200846.GA24230@redhat.com>
Date:   Tue, 24 Mar 2020 21:08:46 +0100
From:   Oleg Nesterov <oleg@...hat.com>
To:     "Eric W. Biederman" <ebiederm@...ssion.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Davidlohr Bueso <dave@...olabs.net>,
        Manfred Spraul <manfred@...orfullife.com>,
        Markus Elfring <elfring@...rs.sourceforge.net>,
        Yoji <yoji.fujihar.min@...il.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ipc/mqueue.c: change __do_notify() to bypass
 check_kill_permission()

Meanwhile, let me send V2. I added the comment and updated the changelog.

On 03/24, Oleg Nesterov wrote:
>
> On 03/23, Eric W. Biederman wrote:
> >
> > So far what we have is a report Oleg has read somewhere that some
> > program doing something regressed, and his patch to fix that specific
> > program.  This problem was not noticed for several years.
>
> Yes, this was reported on bugzilla.redhat.com, I'll add you to CC list.
>
> > Presumably the problem is that a message queue was written to by one
> > user and was read by another user to cause check_kill_permission to
> > fail. Can someone tell me if that was the case?
>
> I do not know. Yoji, did you hit this bug or did you find it by code
> inspection ?
>
> > So I am looking for something that makes it clear we are not removing
> > a permission checking and backporting a security hole.
>
> Yes, I thought about this too. I can be easily wrong, please correct me,
> but I came to conclusion the old behaviour (no permission check) is fine
> security-wise.
>
> > Further even if in the common case it is the right thing to do to remove
> > the permission check, the handling around exec looks bad enough that we
> > will be backporting a security hole if we don't fix that and backport
> > that at the same time.
>
> could you explain what exactly you do not like wrt mq_notify/exec ?
> I must have missed something.
>
> > p.s. I am grouchy as temporary fixes in this part of the code base
> >      don't tend to be temporary  and the entire signal/exec/ptrace world
> >      is bordering on unmaintainble and incomprehensible as a result.
>
> Eric, please feel free to make another fix you like more. I know that
> I can't convince you anyway, I won't argue.
> Oleg.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ