From: "Adrian Ratiu" <adrian.ratiu@collabora.com>
To: "Linus Torvalds" <torvalds@linux-foundation.org>
Cc: "Kees Cook" <kees@kernel.org>,
linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org,
kernel@collabora.com, gbiv@google.com, inglorion@google.com,
ajordanr@google.com, "Doug Anderson" <dianders@chromium.org>,
"Jeff Xu" <jeffxu@google.com>, "Jann Horn" <jannh@google.com>,
"Christian Brauner" <brauner@kernel.org>
Subject: Re: [PATCH] proc: add config to block FOLL_FORCE in mem writes
Date: Thu, 18 Jul 2024 16:58:10 +0100 [thread overview]
Message-ID: <11987f-66993b80-1-116be8e0@64320549> (raw)
In-Reply-To: <CAHk-=wi9qsy-bX65ev8jgDzGM+uTk=Vbix32F8SLfUWegajT+w@mail.gmail.com>
On Thursday, July 18, 2024 03:04 EEST, Linus Torvalds <torvalds@linux-foundation.org> wrote:
> On Wed, 17 Jul 2024 at 15:24, Kees Cook <kees@kernel.org> wrote:
> >
> > > In particular, this patch would make it easy to make that
> > > SECURITY_PROC_MEM_RESTRICT_FOLL_FORCE config option be a "choice"
> > > where you pick "never, ptrace, always" by just changing the rules in
> > > proc_is_ptracing().
> >
> > So the original patch could be reduced to just the single tristate option
> > instead of 3 tristates? I think that would be a decent middle ground,
> > and IIUC, will still provide the coverage Chrome OS is looking for[1].
>
> So here's what I kind of think might be ok.
>
> ENTIRELY UNTESTED! This is more of a "look, something like this,
> perhaps" patch than a real one.
>
> If somebody tests this, and it is ok for Chrome OS, you can consider
> this signed-off-on, but only with actual testing. I might have gotten
> something hroribly wrong.
Thanks for the patch!
I tested it on ChromeOS and it does what it intends, just with two
minor fixes applied:
--- a/security/Kconfig
+++ b/security/Kconfig
-config CONFIG_PROC_MEM_FORCE_PTRACE
+config PROC_MEM_FORCE_PTRACE
.....
-config CONFIG_PROC_MEM_NO_FORCE
+config PROC_MEM_NO_FORCE
As Kees suggested, I'll add a bootparam with a simple __ro_after_init
variable to select this and then send a v2 for review.
next prev parent reply other threads:[~2024-07-18 15:58 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-17 11:13 [PATCH] proc: add config to block FOLL_FORCE in mem writes Adrian Ratiu
2024-07-17 17:22 ` Kees Cook
2024-07-17 18:16 ` Linus Torvalds
2024-07-17 22:23 ` Kees Cook
2024-07-18 0:04 ` Linus Torvalds
2024-07-18 15:58 ` Adrian Ratiu [this message]
2024-07-17 20:53 ` Eric Biggers
2024-07-17 21:28 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=11987f-66993b80-1-116be8e0@64320549 \
--to=adrian.ratiu@collabora.com \
--cc=ajordanr@google.com \
--cc=brauner@kernel.org \
--cc=dianders@chromium.org \
--cc=gbiv@google.com \
--cc=inglorion@google.com \
--cc=jannh@google.com \
--cc=jeffxu@google.com \
--cc=kees@kernel.org \
--cc=kernel@collabora.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).