From: John Johansen <john.johansen@canonical.com>
To: Richard Guy Briggs <rgb@redhat.com>, Oleg Nesterov <oleg@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Peter Zijlstra <peterz@infradead.org>,
Eric Paris <eparis@redhat.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] apparmor: remove the "task" arg from may_change_ptraced_domain()
Date: Thu, 19 Dec 2013 22:22:25 -0800 [thread overview]
Message-ID: <52B3E221.4000909@canonical.com> (raw)
In-Reply-To: <20131220043632.GA14884@madcap2.tricolour.ca>
On 12/19/2013 08:36 PM, Richard Guy Briggs wrote:
> On 13/12/18, Oleg Nesterov wrote:
>> On 12/18, Richard Guy Briggs wrote:
>>>
>>> Bcc: rgb@redhat.com
>>> Subject: Re: [PATCH] apparmor: remove the "task" arg from
>>> may_change_ptraced_domain()
>>> Reply-To:
>>> In-Reply-To: <20130926132519.GY13968@madcap2.tricolour.ca>
>>
>> The subject is empty ;) I changed it to match the above.
>
> HTH?!? Thanks for adding it. (more below...)
>
>>> On 13/09/26, Richard Guy Briggs wrote:
>>>> On Tue, Sep 24, 2013 at 06:44:42PM +0200, Oleg Nesterov wrote:
>>>>> On 09/23, Richard Guy Briggs wrote:
>>>>>>
>>>>>> On Mon, Sep 16, 2013 at 04:20:35PM +0200, Oleg Nesterov wrote:
>>>>>>> Unless task == current ptrace_parent(task) is not safe even under
>>>>>>> rcu_read_lock() and most of the current users are not right.
>>>>>>
>>>>>> Could you point to an explanation of this?
>>>>>
>>>>> If this task exits before rcu_read_lock() ->parent can point to the
>>>>> already freed/reused memory.
>>>>
>>>> Ok, understood. So even though the task may have exited, the task
>>>> struct pointer is still valid, but not the contents of the task struct
>>>> to which it points.
>>>
>>> [The thread also relates to the patch
>>> "pid: get ppid pid_t of task in init_pid_ns safely"
>>> in which sys_getppid() (which appears safe) is replaced with something that
>>> references the init_pid_ns rather than current's pid_ns.]
>>>
>>> So, in the general case, that call is not safe, and we should at least
>>> remove the task_struct argument.
>>
>> I changed my mind, please see the recent discussion with Paul:
>>
>> http://marc.info/?t=138626281900001
>>
>> instead we should document why ptrace_parent() is safe without pid_alive().
>
> Interesting. I wasn't aware of pid_alive(), but that would certainly
> help.
>
>> I hope that the change in apparmor was fine anyway.
>
> Yes, I'm fine with apparmor change, if it was deemed that the ppid
> wasn't needed. If it is, then it should use this new task_ppid_nr().
it wasn't needed, changes where made years ago to allow us to get rid of
using the parent pid. Its was left in for a transition period and just
had never been removed.
> Better yet I think to generalize it to anticipate auditd in containers.
>
yep, that is the way to go
next prev parent reply other threads:[~2013-12-20 6:22 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-18 19:43 Richard Guy Briggs
2013-12-18 20:19 ` [PATCH] apparmor: remove the "task" arg from may_change_ptraced_domain() Oleg Nesterov
2013-12-20 4:36 ` Richard Guy Briggs
2013-12-20 6:22 ` John Johansen [this message]
2013-12-20 17:59 ` Oleg Nesterov
-- strict thread matches above, loose matches on Subject: below --
2013-09-16 14:20 Oleg Nesterov
2013-09-16 15:10 ` Oleg Nesterov
2013-09-16 17:01 ` John Johansen
2013-09-23 21:52 ` Richard Guy Briggs
2013-09-24 16:44 ` Oleg Nesterov
2013-09-26 13:25 ` Richard Guy Briggs
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52B3E221.4000909@canonical.com \
--to=john.johansen@canonical.com \
--cc=akpm@linux-foundation.org \
--cc=ebiederm@xmission.com \
--cc=eparis@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=oleg@redhat.com \
--cc=peterz@infradead.org \
--cc=rgb@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.