lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <D3HA23RMEIJ8.2AHOMIYR3J6F3@kernel.org>
Date: Fri, 16 Aug 2024 13:52:00 +0300
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "Jann Horn" <jannh@...gle.com>, "David Howells" <dhowells@...hat.com>
Cc: "Jeffrey Altman" <jaltman@...istor.com>, <openafs-devel@...nafs.org>,
 "Paul Moore" <paul@...l-moore.com>, "James Morris" <jmorris@...ei.org>,
 "Serge E. Hallyn" <serge@...lyn.com>, "John Johansen"
 <john.johansen@...onical.com>, Mickaël Salaün
 <mic@...ikod.net>, Günther Noack <gnoack@...gle.com>,
 "Stephen Smalley" <stephen.smalley.work@...il.com>, "Ondrej Mosnacek"
 <omosnace@...hat.com>, "Casey Schaufler" <casey@...aufler-ca.com>,
 <linux-afs@...ts.infradead.org>, <linux-kernel@...r.kernel.org>,
 <linux-security-module@...r.kernel.org>, <apparmor@...ts.ubuntu.com>,
 <keyrings@...r.kernel.org>, <selinux@...r.kernel.org>
Subject: Re: Can KEYCTL_SESSION_TO_PARENT be dropped entirely? -- was Re:
 [PATCH v2 1/2] KEYS: use synchronous task work for changing parent
 credentials

On Thu Aug 15, 2024 at 10:59 PM EEST, Jann Horn wrote:
> On Thu, Aug 15, 2024 at 9:46 PM David Howells <dhowells@...hat.com> wrote:
> > Jann Horn <jannh@...gle.com> wrote:
> >
> > > Rewrite keyctl_session_to_parent() to run task work on the parent
> > > synchronously, so that any errors that happen in the task work can be
> > > plumbed back into the syscall return value in the child.
> >
> > The main thing I worry about is if there's a way to deadlock the child and the
> > parent against each other.  vfork() for example.
>
> Yes - I think it would work fine for scenarios like using
> KEYCTL_SESSION_TO_PARENT from a helper binary against the shell that
> launched the helper (which I think is the intended usecase?), but
> there could theoretically be constellations where it would cause an
> (interruptible) hang if the parent is stuck in
> uninterruptible/killable sleep.
>
> I think vfork() is rather special in that it does a killable wait for
> the child to exit or execute; and based on my understanding of the
> intended usecase of KEYCTL_SESSION_TO_PARENT, I think normally
> KEYCTL_SESSION_TO_PARENT would only be used by a child that has gone
> through execve?

Could this encapsulated to a kselftest? Like having host process
that forks the payload and send SIGINT. That could be deployed e.g
to tools/testing/selftests/keys. Would be nice to be able to try
this out with a low barrier.

Doing this type of testing is different axis than keyutils test suite
IMHO. That would be also great starting point for adding concurrency
tests in future.

Could be done either in C or Python.

BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ