From: Hagen Paul Pfeifer <hagen@jauu.net>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>,
Aleksa Sarai <cyphar@cyphar.com>,
Christian Brauner <christian.brauner@ubuntu.com>,
Arnd Bergmann <arnd@arndb.de>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Jann Horn <jannh@google.com>,
kernel list <linux-kernel@vger.kernel.org>,
Florian Weimer <fweimer@redhat.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Christian Brauner <christian@brauner.io>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
"H. Peter Anvin" <hpa@zytor.com>, Brian Gerst <brgerst@gmail.com>,
Sami Tolvanen <samitolvanen@google.com>,
David Howells <dhowells@redhat.com>,
Andy Lutomirski <luto@kernel.org>,
Oleg Nesterov <oleg@redhat.com>,
Arnaldo Carvalho de Melo <acme@redhat.com>,
Sargun Dhillon <sargun@sargun.me>,
Linux API <linux-api@vger.kernel.org>,
linux-arch <linux-arch@vger.kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [RFC v2] ptrace, pidfd: add pidfd_ptrace syscall
Date: Tue, 28 Apr 2020 08:39:35 +0200 [thread overview]
Message-ID: <20200428063935.GA5660@laniakea> (raw)
In-Reply-To: <CAHk-=whQzOsh9O2uhUO2VETD+hrzjKMpEJpzoUby5QHMcvgPKg@mail.gmail.com>
* Linus Torvalds | 2020-04-27 21:28:14 [-0700]:
>> I hate to say this, but I’m not convinced that asking the gdb folks is
>> the right approach. GDB has an ancient architecture and is
>> *incredibly* buggy. I’m sure ptrace is somewhere on the pain point
>> list, but I suspect it’s utterly dwarfed by everything else.
>
>You may be right. However, if gdbn isn't going to use it, then I
>seriously don't think it's worth changing much.
>
>It might be worth looking at people who don't use ptrace() for
>debugging, but for "incidental" reasons. IOW sandboxing, tracing,
>things like that.
>
>Maybe those people want things that are simpler and don't actually
>need the kinds of hard serialization that ptrace() wants.
>
>I'd rather add a few really simple things that might not be a full
>complement of operations for a debugger, but exactly because they
>aren't a full debugger, maybe they are things that we can tell are
>obviously secure and simple?
Okay, to sum up the the whole discussion: we go forward with Jann's proposal
by simple adding PTRACE_ATTACH_PIDFD and friends. This is the minimal invasive
solution and the risk of an potenial security problem is almost not present[TM].
Changing the whole ptrace API is a different beast. I rather believe that I
see Linus Linux successor rather than a ptrace successor.
I am fine with PTRACE_ATTACH_PIDFD!
Hagen
WARNING: multiple messages have this Message-ID (diff)
From: Hagen Paul Pfeifer <hagen@jauu.net>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>,
Aleksa Sarai <cyphar@cyphar.com>,
Christian Brauner <christian.brauner@ubuntu.com>,
Arnd Bergmann <arnd@arndb.de>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Jann Horn <jannh@google.com>,
kernel list <linux-kernel@vger.kernel.org>,
Florian Weimer <fweimer@redhat.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Christian Brauner <christian@brauner.io>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
"H. Peter Anvin" <hpa@zytor.com>, Brian Gerst <brgerst@gmail.com>,
Sami Tolvanen <samitolvanen@google.com>,
David Howells <dhowells@redhat.com>,
Andy Lutomirski <luto@kernel.org>,
Oleg Nesterov <oleg@redhat.com>,
Arnaldo Carvalho de Melo <acme@redhat.com>,
Sargun
Subject: Re: [RFC v2] ptrace, pidfd: add pidfd_ptrace syscall
Date: Tue, 28 Apr 2020 08:39:35 +0200 [thread overview]
Message-ID: <20200428063935.GA5660@laniakea> (raw)
In-Reply-To: <CAHk-=whQzOsh9O2uhUO2VETD+hrzjKMpEJpzoUby5QHMcvgPKg@mail.gmail.com>
* Linus Torvalds | 2020-04-27 21:28:14 [-0700]:
>> I hate to say this, but I’m not convinced that asking the gdb folks is
>> the right approach. GDB has an ancient architecture and is
>> *incredibly* buggy. I’m sure ptrace is somewhere on the pain point
>> list, but I suspect it’s utterly dwarfed by everything else.
>
>You may be right. However, if gdbn isn't going to use it, then I
>seriously don't think it's worth changing much.
>
>It might be worth looking at people who don't use ptrace() for
>debugging, but for "incidental" reasons. IOW sandboxing, tracing,
>things like that.
>
>Maybe those people want things that are simpler and don't actually
>need the kinds of hard serialization that ptrace() wants.
>
>I'd rather add a few really simple things that might not be a full
>complement of operations for a debugger, but exactly because they
>aren't a full debugger, maybe they are things that we can tell are
>obviously secure and simple?
Okay, to sum up the the whole discussion: we go forward with Jann's proposal
by simple adding PTRACE_ATTACH_PIDFD and friends. This is the minimal invasive
solution and the risk of an potenial security problem is almost not present[TM].
Changing the whole ptrace API is a different beast. I rather believe that I
see Linus Linux successor rather than a ptrace successor.
I am fine with PTRACE_ATTACH_PIDFD!
Hagen
next prev parent reply other threads:[~2020-04-28 6:39 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-26 13:01 [RFC] ptrace, pidfd: add pidfd_ptrace syscall Hagen Paul Pfeifer
2020-04-26 13:01 ` Hagen Paul Pfeifer
2020-04-26 16:34 ` [RFC v2] " Hagen Paul Pfeifer
2020-04-27 8:30 ` Arnd Bergmann
2020-04-27 9:00 ` Hagen Paul Pfeifer
2020-04-27 9:00 ` Hagen Paul Pfeifer
2020-04-27 17:08 ` Christian Brauner
2020-04-27 17:08 ` Christian Brauner
2020-04-27 17:52 ` Jann Horn
2020-04-27 17:52 ` Jann Horn
2020-04-27 18:18 ` Eric W. Biederman
2020-04-27 18:18 ` Eric W. Biederman
2020-04-27 18:59 ` Hagen Paul Pfeifer
2020-04-27 18:59 ` Hagen Paul Pfeifer
2020-04-27 20:08 ` Arnd Bergmann
2020-04-27 20:08 ` Arnd Bergmann
2020-04-27 20:13 ` Christian Brauner
2020-04-27 20:13 ` Christian Brauner
2020-04-28 0:45 ` Aleksa Sarai
2020-04-28 0:45 ` Aleksa Sarai
2020-04-28 1:36 ` Linus Torvalds
2020-04-28 1:36 ` Linus Torvalds
2020-04-28 4:17 ` Andy Lutomirski
2020-04-28 4:17 ` Andy Lutomirski
2020-04-28 4:28 ` Linus Torvalds
2020-04-28 4:28 ` Linus Torvalds
2020-04-28 6:39 ` Hagen Paul Pfeifer [this message]
2020-04-28 6:39 ` Hagen Paul Pfeifer
2020-04-28 7:45 ` Christian Brauner
2020-04-28 7:45 ` Christian Brauner
2020-04-28 8:21 ` Christian Brauner
2020-04-28 8:21 ` Christian Brauner
2020-04-27 21:47 ` [RFC] " kbuild test robot
2020-04-27 21:53 ` kbuild test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200428063935.GA5660@laniakea \
--to=hagen@jauu.net \
--cc=acme@redhat.com \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=brgerst@gmail.com \
--cc=christian.brauner@ubuntu.com \
--cc=christian@brauner.io \
--cc=cyphar@cyphar.com \
--cc=dhowells@redhat.com \
--cc=ebiederm@xmission.com \
--cc=fweimer@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=jannh@google.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=oleg@redhat.com \
--cc=samitolvanen@google.com \
--cc=sargun@sargun.me \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.