[PATCH] Yama: Check for pid death before checking ancestry

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] Yama: Check for pid death before checking ancestry
@ 2019-01-16 18:31 Kees Cook
  2019-01-16 20:02 ` James Morris
  0 siblings, 1 reply; 3+ messages in thread
From: Kees Cook @ 2019-01-16 18:31 UTC (permalink / raw)
  To: James Morris
  Cc: Oleg Nesterov, Tetsuo Handa, Serge E. Hallyn, LKML,
	linux-security-module, syzbot, syzkaller-bugs

It's possible that a pid has died before we take the rcu lock, in which
case we can't walk the ancestry list as it may be detached. Instead, check
for death first before doing the walk.

Reported-by: syzbot+a9ac39bf55329e206219@syzkaller.appspotmail.com
Fixes: 2d514487faf1 ("security: Yama LSM")
Cc: stable@vger.kernel.org
Suggested-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
James, can you please send this to Linus in your -fixes tree?
---
 security/yama/yama_lsm.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
index ffda91a4a1aa..02514fe558b4 100644
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -368,7 +368,9 @@ static int yama_ptrace_access_check(struct task_struct *child,
 			break;
 		case YAMA_SCOPE_RELATIONAL:
 			rcu_read_lock();
-			if (!task_is_descendant(current, child) &&
+			if (!pid_alive(child))
+				rc = -EPERM;
+			if (!rc && !task_is_descendant(current, child) &&
 			    !ptracer_exception_found(current, child) &&
 			    !ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE))
 				rc = -EPERM;
-- 
2.17.1


-- 
Kees Cook

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] Yama: Check for pid death before checking ancestry
  2019-01-16 18:31 [PATCH] Yama: Check for pid death before checking ancestry Kees Cook
@ 2019-01-16 20:02 ` James Morris
  2019-01-16 20:02   ` James Morris
  0 siblings, 1 reply; 3+ messages in thread
From: James Morris @ 2019-01-16 20:02 UTC (permalink / raw)
  To: Kees Cook
  Cc: Oleg Nesterov, Tetsuo Handa, Serge E. Hallyn, LKML,
	linux-security-module, syzbot, syzkaller-bugs

On Wed, 16 Jan 2019, Kees Cook wrote:

> It's possible that a pid has died before we take the rcu lock, in which
> case we can't walk the ancestry list as it may be detached. Instead, check
> for death first before doing the walk.
> 
> Reported-by: syzbot+a9ac39bf55329e206219@syzkaller.appspotmail.com
> Fixes: 2d514487faf1 ("security: Yama LSM")
> Cc: stable@vger.kernel.org
> Suggested-by: Oleg Nesterov <oleg@redhat.com>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> James, can you please send this to Linus in your -fixes tree?

Done.

> ---
>  security/yama/yama_lsm.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
> index ffda91a4a1aa..02514fe558b4 100644
> --- a/security/yama/yama_lsm.c
> +++ b/security/yama/yama_lsm.c
> @@ -368,7 +368,9 @@ static int yama_ptrace_access_check(struct task_struct *child,
>  			break;
>  		case YAMA_SCOPE_RELATIONAL:
>  			rcu_read_lock();
> -			if (!task_is_descendant(current, child) &&
> +			if (!pid_alive(child))
> +				rc = -EPERM;
> +			if (!rc && !task_is_descendant(current, child) &&
>  			    !ptracer_exception_found(current, child) &&
>  			    !ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE))
>  				rc = -EPERM;
> 

-- 
James Morris
<jmorris@namei.org>


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] Yama: Check for pid death before checking ancestry
  2019-01-16 20:02 ` James Morris
@ 2019-01-16 20:02   ` James Morris
  0 siblings, 0 replies; 3+ messages in thread
From: James Morris @ 2019-01-16 20:02 UTC (permalink / raw)
  To: Kees Cook
  Cc: Oleg Nesterov, Tetsuo Handa, Serge E. Hallyn, LKML,
	linux-security-module, syzbot, syzkaller-bugs

On Thu, 17 Jan 2019, James Morris wrote:

> On Wed, 16 Jan 2019, Kees Cook wrote:
> 
> > It's possible that a pid has died before we take the rcu lock, in which
> > case we can't walk the ancestry list as it may be detached. Instead, check
> > for death first before doing the walk.
> > 
> > Reported-by: syzbot+a9ac39bf55329e206219@syzkaller.appspotmail.com
> > Fixes: 2d514487faf1 ("security: Yama LSM")
> > Cc: stable@vger.kernel.org
> > Suggested-by: Oleg Nesterov <oleg@redhat.com>
> > Signed-off-by: Kees Cook <keescook@chromium.org>
> > ---
> > James, can you please send this to Linus in your -fixes tree?
> 
> Done.

I mean, queued in that tree.

> 
> > ---
> >  security/yama/yama_lsm.c | 4 +++-
> >  1 file changed, 3 insertions(+), 1 deletion(-)
> > 
> > diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
> > index ffda91a4a1aa..02514fe558b4 100644
> > --- a/security/yama/yama_lsm.c
> > +++ b/security/yama/yama_lsm.c
> > @@ -368,7 +368,9 @@ static int yama_ptrace_access_check(struct task_struct *child,
> >  			break;
> >  		case YAMA_SCOPE_RELATIONAL:
> >  			rcu_read_lock();
> > -			if (!task_is_descendant(current, child) &&
> > +			if (!pid_alive(child))
> > +				rc = -EPERM;
> > +			if (!rc && !task_is_descendant(current, child) &&
> >  			    !ptracer_exception_found(current, child) &&
> >  			    !ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE))
> >  				rc = -EPERM;
> > 
> 
> 

-- 
James Morris
<jmorris@namei.org>


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2019-01-16 20:03 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-01-16 18:31 [PATCH] Yama: Check for pid death before checking ancestry Kees Cook
2019-01-16 20:02 ` James Morris
2019-01-16 20:02   ` James Morris

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.