From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-fsdevel-owner@vger.kernel.org>
Received: from www.llwyncelyn.cymru ([82.70.14.225]:60402 "EHLO fuzix.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1728200AbeI1OFG (ORCPT <rfc822;linux-fsdevel@vger.kernel.org>);
        Fri, 28 Sep 2018 10:05:06 -0400
Date: Wed, 26 Sep 2018 23:39:03 +0100
From: Alan Cox <gnomes@lxorguk.ukuu.org.uk>
To: "Theodore Y. Ts'o" <tytso@mit.edu>
Cc: TongZhang <ztong@vt.edu>, Cyrill Gorcunov <gorcunov@gmail.com>,
        adobriyan@gmail.com, akpm@linux-foundation.org,
        viro@zeniv.linux.org.uk
Subject: Re: Leaking path for set_task_comm
Message-ID: <20180926233903.38fb598a@alans-desktop>
In-Reply-To: <20180926031645.GB3321@thunk.org>
References: <F7DFF547-5267-4EF3-8BF3-70DAF6C2A53A@vt.edu>
        <20180925183953.GI15710@uranus>
        <0CD63E6E-7512-4DD6-8858-4408416DC730@vt.edu>
        <20180926031645.GB3321@thunk.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>


> Trying to depend on task name for anything security sensitive is at
> _really_ bad idea, so it seems unlikely that a LSM would want to
> protect the process name.  (And if they did, the first thing I would
> ask is "Why?  What are you trying to do?  Do you realize how many
> *other* ways the process name can be spoofed or otherwise controlled
> by a potentially malicious user?")

Two processes that should not be able to otherwise communicate can keep
changing their name to a chunk of data, waiting for an ack flag name
change back.

Alan