From: Cyrill Gorcunov <gorcunov@openvz.org>
To: Oleg Nesterov <oleg@redhat.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>,
Pavel Emelyanov <xemul@parallels.com>,
Kees Cook <keescook@chromium.org>, Tejun Heo <tj@kernel.org>
Subject: Re: [RFC] c/r: prctl: Add ability to set new mm_struct::exe_file
Date: Mon, 5 Mar 2012 18:46:48 +0400 [thread overview]
Message-ID: <20120305144648.GA12341@moon> (raw)
In-Reply-To: <20120305142655.GC9393@redhat.com>
On Mon, Mar 05, 2012 at 03:26:55PM +0100, Oleg Nesterov wrote:
> > OK, I won't argue, probably this makes sense to make sure that
> > admin can't get a heart attack looking at /proc/pid/exe.
> >
> > But the O_RDONLY check looks strange. We are not going to write
> > to this file, we only set the name (and that is why I think it
> > should be mm->exe_path). What is the point to check that the file
> > was opened without FMODE_WRITE? Even if there were any security
> > risk the apllication can open this file again with the different
> > flags.
>
Hi Oleg!
Replying to both your email -- I wanted to be as close to open_exec
as possible. This prctl does cheat the kernel but with this tests
the cheating should be minimized (it's almost the same as open_exec
does).
> Seriously, I think we should cleanup this before c/r adds more
> ugliness. I'll try to make the patch today.
>
Cleanup what? If you mean this patch -- just point me what
should I do.
> And with all these checks I am no longer sure that fd is better
> than filename ;)
This security tests was a reason why I've used open_exec in
first version of the patch (and I still would prefer to
have open_exec here instead of fd).
As to allow-write-access -- it should be cleaned once process
finished, no?
Cyrill
next prev parent reply other threads:[~2012-03-05 14:46 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-29 15:16 [RFC] c/r: prctl: Add ability to set new mm_struct::exe_file Cyrill Gorcunov
2012-02-29 15:23 ` Pavel Emelyanov
2012-02-29 15:31 ` Cyrill Gorcunov
2012-02-29 19:24 ` Oleg Nesterov
2012-02-29 20:01 ` Cyrill Gorcunov
2012-03-01 18:06 ` Oleg Nesterov
2012-03-01 19:17 ` Cyrill Gorcunov
2012-03-01 19:41 ` Oleg Nesterov
2012-03-01 20:00 ` Cyrill Gorcunov
2012-03-02 15:03 ` Oleg Nesterov
2012-03-02 14:26 ` Cyrill Gorcunov
2012-03-02 15:26 ` Oleg Nesterov
2012-03-02 16:12 ` Cyrill Gorcunov
2012-03-03 22:33 ` Cyrill Gorcunov
2012-03-05 14:21 ` Oleg Nesterov
2012-03-05 14:26 ` Oleg Nesterov
2012-03-05 14:46 ` Cyrill Gorcunov [this message]
2012-03-05 15:40 ` Oleg Nesterov
2012-03-05 16:01 ` Cyrill Gorcunov
2012-03-05 16:31 ` Oleg Nesterov
2012-03-05 16:45 ` Cyrill Gorcunov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120305144648.GA12341@moon \
--to=gorcunov@openvz.org \
--cc=akpm@linux-foundation.org \
--cc=keescook@chromium.org \
--cc=kosaki.motohiro@jp.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=oleg@redhat.com \
--cc=tj@kernel.org \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.