public inbox for linux-kernel@vger.kernel.org
From: Cyrill Gorcunov <gorcunov@openvz.org>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: richard -rw- weinberger <richard.weinberger@gmail.com>,
	LKML <linux-kernel@vger.kernel.org>,
	Oleg Nesterov <oleg@redhat.com>,
	KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>,
	Pavel Emelyanov <xemul@parallels.com>,
	Kees Cook <keescook@chromium.org>, Tejun Heo <tj@kernel.org>,
	Matt Helsley <matthltc@us.ibm.com>
Subject: Re: [patch 1/2] c/r: prctl: Add ability to set new mm_struct::exe_file
Date: Tue, 20 Mar 2012 03:12:12 +0400
Message-ID: <20120319231212.GD21262@moon>
In-Reply-To: <20120319155926.8d1d8f0e.akpm@linux-foundation.org>

On Mon, Mar 19, 2012 at 03:59:26PM -0700, Andrew Morton wrote:
...
> > 
> > It can use it iff CAP_SYS_RESOURCE is granted.
> > Otherwise you'll get -EACCES.
> 
> A rootkit already obtained CAP_SYS_RESOURCE.  What we're concerned
> about here is its ability to hide itself from view and its ability to
> obscure the way in which it obtained elevated privs.

Well, if a rootkit got CAP_SYS_RESOURCE I think we're in a bad situation
then -- it might change the symlink to some 'known' and trusted
application and you'll never notice that (without scanning the
memory area such a rootkit uses, and note 'scanning' here because
you need to scan the memory contents to figure out that the memory
does not correspond to the file the symlink points to).

Actually being able to restore program 'transparently' is a primary
aim of checkpoint-restore itself.

> 
> How much this patch worsens the situation is unclear to me, so let's
> think it through.

Dunno, Andrew, /proc/exe/symlink is never a trusted source of info I guess.
But I need to think some more...

	Cyrill
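A defender-side consistency check along the lines of the 'scanning' the message describes, added here as an example and not code from the thread or from the c/r project: it compares the /proc/<pid>/exe link (which the patch lets a CAP_SYS_RESOURCE holder repoint) against the file-backed executable mappings listed in /proc/<pid>/maps. The maps content, inode numbers and paths in SAMPLE_MAPS are constructed; check_pid is the live variant of the same comparison.

```python
import os
import re
from dataclasses import dataclass

# /proc/<pid>/maps line layout: start-end perms offset dev inode [pathname]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxps-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>\S+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)

@dataclass
class ExeCheck:
    exe_target: str              # what readlink(/proc/<pid>/exe) returned
    executable_files: list[str]  # files behind mappings carrying the x bit

    @property
    def consistent(self) -> bool:
        # readlink appends " (deleted)" once the backing file is unlinked.
        return self.exe_target.removesuffix(" (deleted)") in self.executable_files

def executable_backed_files(maps_text: str) -> list[str]:
    """Distinct file paths backing mappings that carry the execute bit."""
    paths: list[str] = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        # Skip non-executable, anonymous and pseudo mappings ([vdso], [stack]).
        if not m or "x" not in m["perms"] or int(m["inode"]) == 0:
            continue
        path = m["path"].strip().removesuffix(" (deleted)")
        if path.startswith("/") and path not in paths:
            paths.append(path)
    return paths

def check_exe_against_maps(exe_target: str, maps_text: str) -> ExeCheck:
    return ExeCheck(exe_target, executable_backed_files(maps_text))

def check_pid(pid: int) -> ExeCheck:
    """Live variant; needs permission to read the target's /proc entries."""
    with open(f"/proc/{pid}/maps") as f:
        return check_exe_against_maps(os.readlink(f"/proc/{pid}/exe"), f.read())

# Constructed sample: the exe link claims /usr/bin/sleep, but no executable
# mapping is backed by that file, so the check reports an inconsistency.
SAMPLE_MAPS = """\
55d1c3a00000-55d1c3a05000 r--p 00000000 fd:01 1311 /tmp/.hidden
55d1c3a05000-55d1c3a0a000 r-xp 00005000 fd:01 1311 /tmp/.hidden
7f2c1e000000-7f2c1e1a0000 r-xp 00028000 fd:01 4011 /usr/lib/x86_64-linux-gnu/libc.so.6
7ffd1a2b0000-7ffd1a2d1000 rw-p 00000000 00:00 0 [stack]
7ffd1a3f0000-7ffd1a3f2000 r-xp 00000000 00:00 0 [vdso]
"""
```

A hit is a lead rather than a verdict: it only shows that the exe link and the executable mappings disagree for that pid, which is also what a deliberately repointed exe_file looks like.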
