| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202401221328.5E7A82C32@keescook> Date: Mon, 22 Jan 2024 13:30:50 -0800 From: Kees Cook <keescook@...omium.org> To: Bernd Edlinger <bernd.edlinger@...mail.de> Cc: Oleg Nesterov <oleg@...hat.com>, Alexander Viro <viro@...iv.linux.org.uk>, Alexey Dobriyan <adobriyan@...il.com>, Andy Lutomirski <luto@...capital.net>, Will Drewry <wad@...omium.org>, Christian Brauner <brauner@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>, Michal Hocko <mhocko@...e.com>, Serge Hallyn <serge@...lyn.com>, James Morris <jamorris@...ux.microsoft.com>, Randy Dunlap <rdunlap@...radead.org>, Suren Baghdasaryan <surenb@...gle.com>, Yafang Shao <laoar.shao@...il.com>, Helge Deller <deller@....de>, "Eric W. Biederman" <ebiederm@...ssion.com>, Adrian Reber <areber@...hat.com>, Thomas Gleixner <tglx@...utronix.de>, Jens Axboe <axboe@...nel.dk>, Alexei Starovoitov <ast@...nel.org>, "linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, linux-kselftest@...r.kernel.org, linux-mm@...ck.org, tiozhang <tiozhang@...iglobal.com>, Luis Chamberlain <mcgrof@...nel.org>, "Paulo Alcantara (SUSE)" <pc@...guebit.com>, Sergey Senozhatsky <senozhatsky@...omium.org>, Frederic Weisbecker <frederic@...nel.org>, YueHaibing <yuehaibing@...wei.com>, Paul Moore <paul@...l-moore.com>, Aleksa Sarai <cyphar@...har.com>, Stefan Roesch <shr@...kernel.io>, Chao Yu <chao@...nel.org>, xu xin <xu.xin16@....com.cn>, Jeff Layton <jlayton@...nel.org>, Jan Kara <jack@...e.cz>, David Hildenbrand <david@...hat.com>, Dave Chinner <dchinner@...hat.com>, Shuah Khan <shuah@...nel.org>, Zheng Yejian <zhengyejian1@...wei.com>, Elena Reshetova <elena.reshetova@...el.com>, David Windsor <dwindsor@...il.com>, Mateusz Guzik <mjguzik@...il.com>, Ard Biesheuvel <ardb@...nel.org>, "Joel Fernandes (Google)" <joel@...lfernandes.org>, "Matthew Wilcox (Oracle)" <willy@...radead.org>, Hans Liljestrand <ishkamiel@...il.com> Subject: Re: [PATCH v14] exec: Fix dead-lock in de_thread with ptrace_attach On Mon, Jan 22, 2024 at 02:24:37PM +0100, Bernd Edlinger wrote: > The main concern was when a set-suid program is executed by execve. > Then it makes a difference if the current thread is traced before the > execve or not. That means if the current thread is already traced, > the decision, which credentials will be used is different than otherwise. > > So currently there are two possbilities, either the trace happens > before the execve, and the suid-bit will be ignored, or the trace > happens after the execve, but it is checked that the now potentially > more privileged credentials allow the tracer to proceed. > > With this patch we will have a third prossibility, that is in order > to avoid the possible dead-lock we allow the suid-bit to take effect, > but only if the tracer's privileges allow both to attach the current > credentials and the new credentials. But I would only do that as > a last resort, to avoid the possible dead-lock, and not unless a dead-lock > is really expected to happen. Instead of doing this special cred check (which I am worried could become fragile -- I'd prefer all privilege checks happen in the same place and in the same way...), could we just fail the ptrace_attach of the execve? -- Kees Cook
Powered by blists - more mailing lists