From: Oleg Nesterov <oleg@redhat.com>
To: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Dmitry Vyukov <dvyukov@google.com>,
Alexander Potapenko <glider@google.com>,
Eric Dumazet <edumazet@google.com>,
Jan Kratochvil <jan.kratochvil@redhat.com>,
Julien Tinnes <jln@google.com>, Kees Cook <keescook@google.com>,
Kostya Serebryany <kcc@google.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
"Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>,
Pedro Alves <palves@redhat.com>,
Robert Swiecki <swiecki@google.com>,
Roland McGrath <roland@hack.frob.com>,
syzkaller@googlegroups.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/2] wait/ptrace: always assume __WALL if the child is traced
Date: Wed, 21 Oct 2015 23:47:03 +0200 [thread overview]
Message-ID: <20151021214703.GA1810@redhat.com> (raw)
In-Reply-To: <5627F607.4050506@redhat.com>
On 10/21, Denys Vlasenko wrote:
>
> On 10/21/2015 09:59 PM, Denys Vlasenko wrote:
> > On 10/21/2015 12:31 AM, Andrew Morton wrote:
> >> Well, to fix this a distro needs to roll out a new kernel. Or a new
> >> init(8). Is there any reason to believe that distributing/deploying a
> >> new kernel is significantly easier for everyone? Because fixing init
> >> sounds like a much preferable solution to this problem.
> >
> > People will continue to write new init(8) implementations,
> > and they will miss this obscure case.
> >
> > Before this bug was found, it was considered possible to use
> > a shell script as init process. What now, every shell needs to add
> > __WALL to its waitpids?
Why not? I think it can safely use __WALL too.
> > The use of PTRACE_TRACEME in this reproducer is clearly pathological:
> > PTRACE_TRACEME was never intended to be used to attach to unsuspecting
> > processes.
Sure. But people do the things which were never intended to be
used all the time. We simply can not know if this "feature"
already has a creative user or not.
As for the patch,
> --- a/kernel/ptrace.c
> +++ b/kernel/ptrace.c
> @@ -385,6 +385,17 @@ static int ptrace_traceme(void)
> write_lock_irq(&tasklist_lock);
> /* Are we already being traced? */
> if (!current->ptrace) {
> + struct pid_namespace *pid_ns;
> +
> + pid_ns = task_active_pid_ns(current->parent);
> + if (current->parent == pid_ns->child_reaper) {
Well, at least this needs same_thread_group(parent, child_reaper).
Plus we have PR_SET_CHILD_SUBREAPER so we also need to traverse the
->real_parent list if has_subreaper.
Finally it is not clear which ->child_reaper we should use after
setns(pidns_fd).
This all is fixable (although this again reminds me about a bug
with CHILD_SUBREAPER we probably need to fix first). But I didn't
even try to consider this option because it can break something.
And honestly, personally I don't like it. If we believe that we
can do this because "PTRACE_TRACEME was never intended to be used
to attach to unsuspecting processes", then we need a more generic
change, imo.
See http://marc.info/?l=linux-kernel&m=144536282305282 . Just in
case, it is not that I think "parent_exec_id != self_exec_id" is
all we need. This needs more discussion.
Oleg.
next prev parent reply other threads:[~2015-10-21 21:50 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-20 17:17 [PATCH 0/2] wait/ptrace: always assume __WALL if the child is traced Oleg Nesterov
2015-10-20 17:17 ` [PATCH 1/2] " Oleg Nesterov
2015-10-20 22:31 ` Andrew Morton
2015-10-21 3:27 ` Vasily Averin
2015-10-21 17:41 ` Oleg Nesterov
2015-10-21 19:47 ` Andrew Morton
2015-10-21 20:44 ` Oleg Nesterov
2015-10-21 19:59 ` Denys Vlasenko
2015-10-21 20:31 ` Denys Vlasenko
2015-10-21 21:47 ` Oleg Nesterov [this message]
2015-10-21 23:27 ` Denys Vlasenko
2015-10-25 15:54 ` Oleg Nesterov
2015-10-26 12:08 ` Pedro Alves
2015-10-28 16:11 ` Oleg Nesterov
2015-10-28 15:43 ` Pedro Alves
2015-10-28 19:02 ` Oleg Nesterov
2015-10-22 13:51 ` Denys Vlasenko
2015-10-20 17:17 ` [PATCH 2/2] wait: allow sys_waitid() to use __WNOTHREAD/__WCLONE/__WALL Oleg Nesterov
2015-10-20 17:36 ` [PATCH 0/2] wait/ptrace: always assume __WALL if the child is traced Oleg Nesterov
2015-10-22 14:40 ` Pedro Alves
2015-10-25 15:42 ` Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151021214703.GA1810@redhat.com \
--to=oleg@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=dvlasenk@redhat.com \
--cc=dvyukov@google.com \
--cc=edumazet@google.com \
--cc=glider@google.com \
--cc=jan.kratochvil@redhat.com \
--cc=jln@google.com \
--cc=kcc@google.com \
--cc=keescook@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mtk.manpages@gmail.com \
--cc=palves@redhat.com \
--cc=roland@hack.frob.com \
--cc=swiecki@google.com \
--cc=syzkaller@googlegroups.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.