From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: From: ebiederm@xmission.com (Eric W. Biederman) To: Linux Containers Cc: Oleg Nesterov , "linux-kernel\@vger.kernel.org" , "linux-mm\@kvack.org" , Linux FS Devel , Michal Hocko , Jann Horn , Willy Tarreau , Kees Cook , Andy Lutomirski References: <87twcbq696.fsf@x220.int.ebiederm.org> <20161018135031.GB13117@dhcp22.suse.cz> <8737jt903u.fsf@xmission.com> <20161018150507.GP14666@pc.thejh.net> <87twc9656s.fsf@xmission.com> <20161018191206.GA1210@laptop.thejh.net> <87r37dnz74.fsf@xmission.com> <87k2d5nytz.fsf_-_@xmission.com> <87y41kjn6l.fsf@xmission.com> <20161019172917.GE1210@laptop.thejh.net> <87pomwi5p2.fsf@xmission.com> <87pomwghda.fsf@xmission.com> Date: Thu, 17 Nov 2016 11:02:47 -0600 In-Reply-To: (Andy Lutomirski's message of "Wed, 19 Oct 2016 16:17:30 -0700") Message-ID: <87twb6avk8.fsf_-_@xmission.com> MIME-Version: 1.0 Content-Type: text/plain Subject: [REVIEW][PATCH 0/3] Fixing ptrace vs exec vs userns interactions Sender: owner-linux-mm@kvack.org List-ID: With everyone heading to Kernel Summit and Plumbers I put this set of patches down temporarily. Now is the time to take it back up and to make certain I am not missing something stupid in this set of patches. There are other issues in this area as well, but these are the pieces that I can see clearly, and have tested fixes for. Andy as to your criticism about using strace sudo I can't possibly see how that is effective or useful. Under strace sudo won't run as root today, and will immediately exit because it is not root. Furthermore the only place I can find non-readable executables is people hardening suid root executables so they are more difficult to trace. So I definitely think we should honor the unix permissions and people's expressed wishes. Eric W. Biederman (3): ptrace: Capture the ptracer's creds not PT_PTRACE_CAP exec: Don't allow ptracing an exec of an unreadable file exec: Ensure mm->user_ns contains the execed files fs/exec.c | 26 +++++++++++++++++++++++--- include/linux/capability.h | 2 ++ include/linux/ptrace.h | 1 - include/linux/sched.h | 1 + kernel/capability.c | 36 ++++++++++++++++++++++++++++++++++-- kernel/ptrace.c | 12 +++++++----- 6 files changed, 67 insertions(+), 11 deletions(-) -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qt0-f200.google.com (mail-qt0-f200.google.com [209.85.216.200]) by kanga.kvack.org (Postfix) with ESMTP id DDEEF6B032E for ; Thu, 17 Nov 2016 12:07:35 -0500 (EST) Received: by mail-qt0-f200.google.com with SMTP id 41so83841451qtn.7 for ; Thu, 17 Nov 2016 09:07:35 -0800 (PST) Received: from out03.mta.xmission.com (out03.mta.xmission.com. [166.70.13.233]) by mx.google.com with ESMTPS id s194si1531888oih.181.2016.11.17.09.07.34 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 17 Nov 2016 09:07:35 -0800 (PST) From: ebiederm@xmission.com (Eric W. Biederman) References: <87twcbq696.fsf@x220.int.ebiederm.org> <20161018135031.GB13117@dhcp22.suse.cz> <8737jt903u.fsf@xmission.com> <20161018150507.GP14666@pc.thejh.net> <87twc9656s.fsf@xmission.com> <20161018191206.GA1210@laptop.thejh.net> <87r37dnz74.fsf@xmission.com> <87k2d5nytz.fsf_-_@xmission.com> <87y41kjn6l.fsf@xmission.com> <20161019172917.GE1210@laptop.thejh.net> <87pomwi5p2.fsf@xmission.com> <87pomwghda.fsf@xmission.com> Date: Thu, 17 Nov 2016 11:02:47 -0600 In-Reply-To: (Andy Lutomirski's message of "Wed, 19 Oct 2016 16:17:30 -0700") Message-ID: <87twb6avk8.fsf_-_@xmission.com> MIME-Version: 1.0 Content-Type: text/plain Subject: [REVIEW][PATCH 0/3] Fixing ptrace vs exec vs userns interactions Sender: owner-linux-mm@kvack.org List-ID: To: Linux Containers Cc: Oleg Nesterov , "linux-kernel@vger.kernel.org" , "linux-mm@kvack.org" , Linux FS Devel , Michal Hocko , Jann Horn , Willy Tarreau , Kees Cook , Andy Lutomirski With everyone heading to Kernel Summit and Plumbers I put this set of patches down temporarily. Now is the time to take it back up and to make certain I am not missing something stupid in this set of patches. There are other issues in this area as well, but these are the pieces that I can see clearly, and have tested fixes for. Andy as to your criticism about using strace sudo I can't possibly see how that is effective or useful. Under strace sudo won't run as root today, and will immediately exit because it is not root. Furthermore the only place I can find non-readable executables is people hardening suid root executables so they are more difficult to trace. So I definitely think we should honor the unix permissions and people's expressed wishes. Eric W. Biederman (3): ptrace: Capture the ptracer's creds not PT_PTRACE_CAP exec: Don't allow ptracing an exec of an unreadable file exec: Ensure mm->user_ns contains the execed files fs/exec.c | 26 +++++++++++++++++++++++--- include/linux/capability.h | 2 ++ include/linux/ptrace.h | 1 - include/linux/sched.h | 1 + kernel/capability.c | 36 ++++++++++++++++++++++++++++++++++-- kernel/ptrace.c | 12 +++++++----- 6 files changed, 67 insertions(+), 11 deletions(-) -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754626AbcKQRHl (ORCPT ); Thu, 17 Nov 2016 12:07:41 -0500 Received: from out03.mta.xmission.com ([166.70.13.233]:58663 "EHLO out03.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754606AbcKQRHf (ORCPT ); Thu, 17 Nov 2016 12:07:35 -0500 From: ebiederm@xmission.com (Eric W. Biederman) To: Linux Containers Cc: Oleg Nesterov , "linux-kernel\@vger.kernel.org" , "linux-mm\@kvack.org" , Linux FS Devel , Michal Hocko , Jann Horn , Willy Tarreau , Kees Cook , Andy Lutomirski References: <87twcbq696.fsf@x220.int.ebiederm.org> <20161018135031.GB13117@dhcp22.suse.cz> <8737jt903u.fsf@xmission.com> <20161018150507.GP14666@pc.thejh.net> <87twc9656s.fsf@xmission.com> <20161018191206.GA1210@laptop.thejh.net> <87r37dnz74.fsf@xmission.com> <87k2d5nytz.fsf_-_@xmission.com> <87y41kjn6l.fsf@xmission.com> <20161019172917.GE1210@laptop.thejh.net> <87pomwi5p2.fsf@xmission.com> <87pomwghda.fsf@xmission.com> Date: Thu, 17 Nov 2016 11:02:47 -0600 In-Reply-To: (Andy Lutomirski's message of "Wed, 19 Oct 2016 16:17:30 -0700") Message-ID: <87twb6avk8.fsf_-_@xmission.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1c7Q91-00010J-Ri;;;mid=<87twb6avk8.fsf_-_@xmission.com>;;;hst=in01.mta.xmission.com;;;ip=75.170.125.99;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX19V4QySFSHs6NJ/LtvdZ/TTrLWKql79B9k= X-SA-Exim-Connect-IP: 75.170.125.99 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.7 XMSubLong Long Subject * 1.5 XMNoVowels Alpha-numberic number with no vowels * 1.5 TR_Symld_Words too many words that have symbols inside * 0.0 TVD_RCVD_IP Message was received from an IP address * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5000] * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa02 1397; Body=1 Fuz1=1 Fuz2=1] X-Spam-DCC: XMission; sa02 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ***;Linux Containers X-Spam-Relay-Country: X-Spam-Timing: total 15164 ms - load_scoreonly_sql: 0.08 (0.0%), signal_user_changed: 4.0 (0.0%), b_tie_ro: 2.8 (0.0%), parse: 5 (0.0%), extract_message_metadata: 29 (0.2%), get_uri_detail_list: 1.80 (0.0%), tests_pri_-1000: 24 (0.2%), tests_pri_-950: 15 (0.1%), tests_pri_-900: 2.2 (0.0%), tests_pri_-400: 65 (0.4%), check_bayes: 62 (0.4%), b_tokenize: 25 (0.2%), b_tok_get_all: 9 (0.1%), b_comp_prob: 4.6 (0.0%), b_tok_touch_all: 3.8 (0.0%), b_finish: 1.05 (0.0%), tests_pri_0: 696 (4.6%), check_dkim_signature: 1.42 (0.0%), check_dkim_adsp: 40 (0.3%), tests_pri_500: 14246 (94.0%), poll_dns_idle: 14188 (93.6%), rewrite_mail: 0.00 (0.0%) Subject: [REVIEW][PATCH 0/3] Fixing ptrace vs exec vs userns interactions X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org With everyone heading to Kernel Summit and Plumbers I put this set of patches down temporarily. Now is the time to take it back up and to make certain I am not missing something stupid in this set of patches. There are other issues in this area as well, but these are the pieces that I can see clearly, and have tested fixes for. Andy as to your criticism about using strace sudo I can't possibly see how that is effective or useful. Under strace sudo won't run as root today, and will immediately exit because it is not root. Furthermore the only place I can find non-readable executables is people hardening suid root executables so they are more difficult to trace. So I definitely think we should honor the unix permissions and people's expressed wishes. Eric W. Biederman (3): ptrace: Capture the ptracer's creds not PT_PTRACE_CAP exec: Don't allow ptracing an exec of an unreadable file exec: Ensure mm->user_ns contains the execed files fs/exec.c | 26 +++++++++++++++++++++++--- include/linux/capability.h | 2 ++ include/linux/ptrace.h | 1 - include/linux/sched.h | 1 + kernel/capability.c | 36 ++++++++++++++++++++++++++++++++++-- kernel/ptrace.c | 12 +++++++----- 6 files changed, 67 insertions(+), 11 deletions(-)