lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Mon, 21 Dec 2020 14:04:37 -0600
From:   ebiederm@...ssion.com (Eric W. Biederman)
To:     Oleg Nesterov <oleg@...hat.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Eugene Syromiatnikov <esyr@...hat.com>,
        Jan Kratochvil <jan.kratochvil@...hat.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
        Michael Kerrisk <mtk.manpages@...il.com>,
        Pedro Alves <palves@...hat.com>,
        Simon Marchi <simon.marchi@...icios.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH] ptrace: make ptrace() fail if the tracee changed its pid unexpectedly

Oleg Nesterov <oleg@...hat.com> writes:

> On 12/17, Eric W. Biederman wrote:
>>
>> Oleg Nesterov <oleg@...hat.com> writes:
>>
>> > Suppose we have 2 threads, the group-leader L and a sub-theread T,
>> > both parked in ptrace_stop(). Debugger tries to resume both threads
>> > and does
>> >
>> > 	ptrace(PTRACE_CONT, T);
>> > 	ptrace(PTRACE_CONT, L);
>> >
>> > If the sub-thread T execs in between, the 2nd PTRACE_CONT doesn not
>> > resume the old leader L, it resumes the post-exec thread T which was
>> > actually now stopped in PTHREAD_EVENT_EXEC. In this case the
>> > PTHREAD_EVENT_EXEC event is lost, and the tracer can't know that the
>> > tracee changed its pid.
>>
>> The change seems sensible.  I don't expect this is common but it looks
>> painful to deal with if it happens.
>
> Yes, this is not a bug, but gdb can't handle this case without some help
> from the kernel.

>> I admit this a threaded PTRACE_EVENT_EXEC is the only event we are
>> likely to miss but still.
>
> Yes, this is the only event debugger can miss even if it uses wait()
> correctly.

I think that is my confusion with the patch.  The uniqueness of this
case is not described well.


Eric

Powered by blists - more mailing lists