Date:   Tue, 27 Apr 2021 09:31:58 -0400 (EDT)
From:   Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
To:     Oleg Nesterov <oleg@...hat.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        "Eric W. Biederman" <ebiederm@...ssion.com>,
        Eugene Syromiatnikov <esyr@...hat.com>,
        Jan Kratochvil <jan.kratochvil@...hat.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Michael Kerrisk <mtk.manpages@...il.com>,
        Pedro Alves <palves@...hat.com>,
        Simon Marchi <simon.marchi@...icios.com>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        Greg KH <greg@...ah.com>
Subject: Re: [PATCH RESEND] ptrace: make ptrace() fail if the tracee changed
 its pid unexpectedly

----- On Apr 27, 2021, at 2:26 AM, Oleg Nesterov oleg@...hat.com wrote:
[...]
>> Is this something that should also target stable kernels ? AFAIU this change
>> won't break debuggers more than they are already in this scenario. Or maybe
>> it makes them fail in more obvious ways ?
> 
> Well, I am not sure this is stable material...
> 
> To me the problem is minor, and the patch adds the user-visible change.
> I think it would be safer to not add stable tag.

I'm fine either way. So given the relatively small impact of this problem
(not critical), this ptrace fix may not be worthy of a stable tag.

I just find it odd that a patch fixing an ABI design flaw ends up not being
CC'd to stable, but also does not expose any way for user-space to discover
this altered ABI behavior. It's a rather weird middle-ground between a fix
and a new feature.

That being said, there was no prior way for user-space to achieve a correct
behavior before this patch, so making it discoverable is kind of pointless.

Thanks,

Mathieu

-- 
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
