From: Djalal Harouni <tixxdz@opendz.org>
To: Kees Cook <keescook@chromium.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Ingo Molnar <mingo@kernel.org>,
"Serge E. Hallyn" <serge.hallyn@ubuntu.com>,
Cyrill Gorcunov <gorcunov@openvz.org>,
LKML <linux-kernel@vger.kernel.org>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
tixxdz@gmail.com
Subject: Re: [PATCH 06/12] procfs: make /proc/*/stack 0400
Date: Sat, 28 Sep 2013 15:35:23 +0100 [thread overview]
Message-ID: <20130928143523.GA2199@dztty> (raw)
In-Reply-To: <CAGXu5jJKH6WPSMnqALOEjqGb6ZoeyYzj5vemk=2z4KPZyg=ptw@mail.gmail.com>
On Thu, Sep 26, 2013 at 03:43:24PM -0500, Kees Cook wrote:
> On Wed, Sep 25, 2013 at 3:14 PM, Djalal Harouni <tixxdz@opendz.org> wrote:
> > The /proc/*/stack contains sensitive information and currently its mode
> > is 0444. Change this to 0400 so the VFS will be able to block
> > unprivileged processes to get file descriptors on arbitrary privileged
> > /proc/*/stack files.
> >
> > The /proc/*/stack is a /procfs ONE file that shares the same ->open()
> > file operation with other ONE files. Doing a ptrace_may_access() check
> > during open() might break userspace from accessing other ONE files
> > like /proc/*/stat and /proc/*/statm.
> >
> > Therfore make it 0400 for now, and improve its check during ->read()
> > in the next following patch.
> >
> > Cc: Kees Cook <keescook@chromium.org>
> > Cc: Eric W. Biederman <ebiederm@xmission.com>
> > Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
>
> While the rest of the series is being discussed, I think it would be
> nice to at least get this into the tree. Fixing this reduces which
> processes are exposed to ASLR leaks. The rest of the series closes the
> remaining holes.
>
> I would if it would be valuable adding a test for the identified leak
> conditions to some test suite? LTP perhaps?
I'm not familiar with LTP, but I guess a small program that perform I/O
redirection and execve a suid-exec will do it?
I'll try to add code comment in fs/proc/base.c
> -Kees
>
> --
> Kees Cook
> Chrome OS Security
--
Djalal Harouni
http://opendz.org
next prev parent reply other threads:[~2013-09-28 14:35 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-25 20:14 [PATCH 0/12] procfs: protect /proc/<pid>/* files with file->f_cred Djalal Harouni
2013-09-25 20:14 ` [PATCH 01/12] procfs: add proc_same_open_cred() to check if the cred have changed Djalal Harouni
2013-09-25 20:14 ` [PATCH 02/12] procfs: add proc_allow_access() to check if file's opener may access task Djalal Harouni
2013-09-25 20:14 ` [PATCH 03/12] procfs: Document the proposed solution to protect procfs entries Djalal Harouni
2013-09-25 20:14 ` [PATCH 04/12] seq_file: Make seq_file able to access the file's opener cred Djalal Harouni
2013-09-26 0:22 ` Linus Torvalds
2013-09-26 3:02 ` Al Viro
2013-09-27 8:37 ` Djalal Harouni
2013-09-28 14:57 ` Djalal Harouni
2013-09-27 8:34 ` Djalal Harouni
2013-09-26 2:42 ` Al Viro
2013-09-25 20:14 ` [PATCH 05/12] seq_file: set the seq_file->f_cred during seq_open() Djalal Harouni
2013-09-25 20:14 ` [PATCH 06/12] procfs: make /proc/*/stack 0400 Djalal Harouni
2013-09-26 20:43 ` Kees Cook
2013-09-28 14:35 ` Djalal Harouni [this message]
2013-10-02 19:52 ` Kees Cook
2013-09-29 10:37 ` Djalal Harouni
2013-10-02 19:49 ` Kees Cook
2013-09-25 20:14 ` [PATCH 07/12] procfs: add permission checks on the file's opener of /proc/*/stack Djalal Harouni
2013-09-25 20:14 ` [PATCH 08/12] procfs: add permission checks on the file's opener of /proc/*/personality Djalal Harouni
2013-09-25 20:14 ` [PATCH 09/12] procfs: add permission checks on the file's opener of /proc/*/stat Djalal Harouni
2013-09-25 20:14 ` [PATCH 10/12] procfs: move PROC_BLOCK_SIZE declaration up to make it visible Djalal Harouni
2013-09-25 20:14 ` [PATCH 11/12] procfs: improve permission checks on /proc/*/syscall Djalal Harouni
2013-09-25 20:14 ` [PATCH 12/12] user_ns: seq_file: use the user_ns that is embedded in the f_cred struct Djalal Harouni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130928143523.GA2199@dztty \
--to=tixxdz@opendz.org \
--cc=akpm@linux-foundation.org \
--cc=ebiederm@xmission.com \
--cc=gorcunov@openvz.org \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=serge.hallyn@ubuntu.com \
--cc=tixxdz@gmail.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).