From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Wed, 2 Nov 2016 22:40:34 +0100
From: Jann Horn
To: Oleg Nesterov
Cc: Linus Torvalds, Alexander Viro, Roland McGrath, John Johansen, James Morris, "Serge E. Hallyn", Paul Moore, Stephen Smalley, Eric Paris, Casey Schaufler, Kees Cook, Andrew Morton, Janis Danisevskis, Seth Forshee, "Eric W. Biederman", Thomas Gleixner, Benjamin LaHaise, Ben Hutchings, Andy Lutomirski, Krister Johansen, linux-fsdevel, LSM List, "security@kernel.org"
Subject: Re: [PATCH v3 0/8] Various fixes related to ptrace_may_access()
Message-ID: <20161102214034.GG8196@pc.thejh.net>
References: <1477863998-3298-1-git-send-email-jann@thejh.net> <20161102183826.GD1112@redhat.com>
In-Reply-To: <20161102183826.GD1112@redhat.com>

On Wed, Nov 02, 2016 at 07:38:26PM +0100, Oleg Nesterov wrote:
> On 11/01, Linus Torvalds wrote:
> >
> > Oleg, you're really the obvious maintainer choice at least for some of
> > this,
>
> Well. I still disagree with 1/8, I think we need to fix and cleanup
> the usage of cred_guard_mutex we already have. And to me the additional
> complications added by, say, 4/8 make no sense, we can make a much more
> simple change to avoid this leak "in practice".
>
> But. I never pretended I understand the security problems. So I won't
> really argue with these changes.

No, I think it's good that you make me think about this stuff properly.
And I do sometimes get overzealous with trying to do things "completely
correctly".

See the mail I sent earlier today for my opinion on the deadlocking
potential related to 1/8. Basically, I think that my patch doesn't make
things worse and makes subsequent cleanup work, which should fix most of
the current deadlocking trouble, easier. I think that the remaining
edge case (concurrent PTRACE_ATTACH and execve) would be at least hard to
fix, maybe even unfixable without API changes. If anyone has ideas on how
we could completely prevent userspace from deadlocking itself there
without changing the ABI, please speak up.

Does that make sense? If so, do you want a
cred_guard_mutex->cred_guard_light conversion in this series or
afterwards?

Regarding 4/8, see the other message I just sent.