From: Vasiliy Kulikov <segoon@openwall.com>
To: Balbir Singh <bsingharora@gmail.com>
Cc: linux-kernel@vger.kernel.org,
Balbir Singh <balbir@linux.vnet.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Al Viro <viro@zeniv.linux.org.uk>,
David Rientjes <rientjes@google.com>,
Stephen Wilson <wilsons@start.ca>,
KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>,
security@kernel.org, Eric Paris <eparis@redhat.com>,
Solar Designer <solar@openwall.com>
Subject: Re: [PATCH 2/2] taskstats: restrict access to user
Date: Wed, 29 Jun 2011 15:42:11 +0400 [thread overview]
Message-ID: <20110629114211.GA29701@albatros> (raw)
In-Reply-To: <BANLkTi=dTHGK1QVs+g2tA6WocQ64SPPF3g@mail.gmail.com>
On Wed, Jun 29, 2011 at 06:57 +0530, Balbir Singh wrote:
> On Fri, Jun 24, 2011 at 5:39 PM, Vasiliy Kulikov <segoon@openwall.com> wrote:
> > taskstats information may be used for gathering private information.
> > E.g. for openssh and vsftpd daemons read_characters/write_characters may
> > be used to learn the precise password length. Restrict it to processes
> > being able to ptrace the target process.
> >
> > For TASKSTATS_CMD_ATTR_REGISTER_CPUMASK the fix is euid check instead of
> > a ptrace check as the handler is processed in the context of the target
> > process, not the listener process'. When ptrace_task_may_access_current()
> > is introduced, it should be used instead of euid check. Currently there
> > is a small race when a process temporarily changes its euid (e.g. to
> > access user's files), until the process sets euid back user's processes
> > may gather privileged process' statistics.
> >
> > Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
> > ---
> > kernel/taskstats.c | 23 ++++++++++++++++++++++-
> > 1 files changed, 22 insertions(+), 1 deletions(-)
> >
> > diff --git a/kernel/taskstats.c b/kernel/taskstats.c
> > index 9ffea36..d92c95a 100644
> > --- a/kernel/taskstats.c
> > +++ b/kernel/taskstats.c
> > @@ -27,6 +27,7 @@
> > #include <linux/cgroup.h>
> > #include <linux/fs.h>
> > #include <linux/file.h>
> > +#include <linux/ptrace.h>
> > #include <net/genetlink.h>
> > #include <asm/atomic.h>
> >
> > @@ -132,6 +133,8 @@ static void send_cpu_listeners(struct sk_buff *skb,
> > struct sk_buff *skb_next, *skb_cur = skb;
> > void *reply = genlmsg_data(genlhdr);
> > int rc, delcount = 0;
> > + const struct cred *cred = current_cred();
> > + struct task_struct *task;
> >
> > rc = genlmsg_end(skb, reply);
> > if (rc < 0) {
> > @@ -142,6 +145,15 @@ static void send_cpu_listeners(struct sk_buff *skb,
> > rc = 0;
> > down_read(&listeners->sem);
>
> Why not grab RCU lock here
Yes, it makes sense. I was thinking about not holding a lock for a too
long time, but it should be rather cheap anyway.
Thank you,
--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
next prev parent reply other threads:[~2011-06-29 11:42 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-24 12:09 [PATCH 2/2] taskstats: restrict access to user Vasiliy Kulikov
2011-06-29 1:27 ` Balbir Singh
2011-06-29 11:42 ` Vasiliy Kulikov [this message]
2011-06-29 20:17 ` Vasiliy Kulikov
2011-07-02 7:36 ` [kernel-hardening] " Vasiliy Kulikov
2011-07-02 7:36 ` Vasiliy Kulikov
2011-07-04 2:57 ` [kernel-hardening] " Balbir Singh
2011-07-04 2:57 ` Balbir Singh
2011-07-04 17:45 ` [kernel-hardening] " Vasiliy Kulikov
2011-07-04 17:45 ` Vasiliy Kulikov
2011-07-07 8:55 ` [kernel-hardening] " Vasiliy Kulikov
2011-07-07 8:55 ` Vasiliy Kulikov
2011-07-07 11:53 ` [kernel-hardening] " Balbir Singh
2011-07-07 11:53 ` Balbir Singh
2011-07-07 16:23 ` [kernel-hardening] " Vasiliy Kulikov
2011-07-07 16:23 ` Vasiliy Kulikov
2011-07-09 15:36 ` [kernel-hardening] " Balbir Singh
2011-07-09 15:36 ` Balbir Singh
2011-07-11 14:07 ` [kernel-hardening] " Vasiliy Kulikov
2011-07-11 14:07 ` Vasiliy Kulikov
2011-06-29 20:09 ` [Security] " Linus Torvalds
2011-06-30 7:57 ` [kernel-hardening] " Vasiliy Kulikov
2011-06-30 7:57 ` Vasiliy Kulikov
2011-06-30 10:59 ` [kernel-hardening] " Balbir Singh
2011-06-30 10:59 ` Balbir Singh
2011-06-30 12:08 ` [kernel-hardening] " Vasiliy Kulikov
2011-06-30 12:08 ` Vasiliy Kulikov
2011-06-30 16:40 ` [kernel-hardening] " Linus Torvalds
2011-06-30 16:40 ` Linus Torvalds
2011-07-01 3:02 ` [kernel-hardening] " Balbir Singh
2011-07-01 3:02 ` Balbir Singh
2011-09-19 16:40 ` [kernel-hardening] " Linus Torvalds
2011-09-19 16:40 ` Linus Torvalds
2011-09-19 17:20 ` [kernel-hardening] " Balbir Singh
2011-09-19 17:20 ` Balbir Singh
2011-09-19 17:39 ` [kernel-hardening] " Vasiliy Kulikov
2011-09-19 17:39 ` Vasiliy Kulikov
2011-09-19 17:45 ` [kernel-hardening] " Linus Torvalds
2011-09-19 17:45 ` Linus Torvalds
2011-09-20 3:35 ` [kernel-hardening] " Eric W. Biederman
2011-09-20 3:35 ` Eric W. Biederman
2011-09-20 5:47 ` [kernel-hardening] " Alexey Dobriyan
2011-09-20 5:47 ` Alexey Dobriyan
2011-09-19 17:47 ` [kernel-hardening] " Balbir Singh
2011-09-19 17:47 ` Balbir Singh
2011-09-19 18:29 ` [kernel-hardening] " Andi Kleen
2011-09-19 18:29 ` Andi Kleen
2011-09-19 18:32 ` [kernel-hardening] " Linus Torvalds
2011-09-19 18:32 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110629114211.GA29701@albatros \
--to=segoon@openwall.com \
--cc=akpm@linux-foundation.org \
--cc=balbir@linux.vnet.ibm.com \
--cc=bsingharora@gmail.com \
--cc=eparis@redhat.com \
--cc=kosaki.motohiro@jp.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rientjes@google.com \
--cc=security@kernel.org \
--cc=solar@openwall.com \
--cc=viro@zeniv.linux.org.uk \
--cc=wilsons@start.ca \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.