[PATCH 1/1] ptrace: introduce PTRACE_O_EXITKILL

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Oleg Nesterov <oleg@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>,
	Amnon Shiloh <u3557@miso.sublimeip.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>,
	Michael Kerrisk <mtk.manpages@gmail.com>,
	Serge Hallyn <serge.hallyn@canonical.com>,
	Chris Evans <scarybeasts@gmail.com>,
	David Howells <dhowells@redhat.com>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	u3557@dialix.com.au, security@kernel.org,
	linux-kernel@vger.kernel.org
Subject: [PATCH 1/1] ptrace: introduce PTRACE_O_EXITKILL
Date: Sun, 18 Nov 2012 21:21:40 +0100	[thread overview]
Message-ID: <20121118202140.GB20360@redhat.com> (raw)
In-Reply-To: <20121118202108.GA20360@redhat.com>

Ptrace jailers want to be sure that the tracee can never escape
from the control. However if the tracer dies unexpectedly the
tracee continues to run in potentially unsafe mode.

Add the new ptrace option PTRACE_O_EXITKILL. If the tracer exits
it sends SIGKILL to every tracee which has this bit set.

Note that the new option is not equal to the last-option << 1.
Because currently all options have the event, and the new one
starts the eventless group. It uses the random 20 bit, so we have
the room for 12 more events, but we can also add the new eventless
options below this one.

Suggested-and-tested-by: Amnon Shiloh <u3557@miso.sublimeip.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
---
 include/linux/ptrace.h      |    2 ++
 include/uapi/linux/ptrace.h |    5 ++++-
 kernel/ptrace.c             |    3 +++
 3 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h
index e0ff468..62db1a1 100644
--- a/include/linux/ptrace.h
+++ b/include/linux/ptrace.h
@@ -32,6 +32,8 @@
 #define PT_TRACE_EXIT		PT_EVENT_FLAG(PTRACE_EVENT_EXIT)
 #define PT_TRACE_SECCOMP	PT_EVENT_FLAG(PTRACE_EVENT_SECCOMP)
 
+#define PT_EXITKILL		(PTRACE_O_EXITKILL << PT_OPT_FLAG_SHIFT)
+
 /* single stepping state bits (used on ARM and PA-RISC) */
 #define PT_SINGLESTEP_BIT	31
 #define PT_SINGLESTEP		(1<<PT_SINGLESTEP_BIT)
diff --git a/include/uapi/linux/ptrace.h b/include/uapi/linux/ptrace.h
index 1ef6c05..022ab18 100644
--- a/include/uapi/linux/ptrace.h
+++ b/include/uapi/linux/ptrace.h
@@ -73,7 +73,10 @@
 #define PTRACE_O_TRACEEXIT	(1 << PTRACE_EVENT_EXIT)
 #define PTRACE_O_TRACESECCOMP	(1 << PTRACE_EVENT_SECCOMP)
 
-#define PTRACE_O_MASK		0x000000ff
+/* eventless options */
+#define PTRACE_O_EXITKILL	(1 << 20)
+
+#define PTRACE_O_MASK		(0x000000ff | PTRACE_O_EXITKILL)
 
 #include <asm/ptrace.h>
 
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index 1f5e55d..ec8118a 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -457,6 +457,9 @@ void exit_ptrace(struct task_struct *tracer)
 		return;
 
 	list_for_each_entry_safe(p, n, &tracer->ptraced, ptrace_entry) {
+		if (unlikely(p->ptrace & PT_EXITKILL))
+			send_sig_info(SIGKILL, SEND_SIG_FORCED, p);
+
 		if (__ptrace_detach(tracer, p))
 			list_add(&p->ptrace_entry, &ptrace_dead);
 	}
-- 
1.5.5.1

next prev parent reply	other threads:[~2012-11-18 20:21 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20121106152050.GA18218@sergelap>
     [not found] ` <20121106201428.9D72959201A@miso.sublimeip.com>
2012-11-07 15:09   ` PT_EXITKILL (Was: pdeath_signal) Oleg Nesterov
2012-11-08  6:29     ` Amnon Shiloh
2012-11-08 12:37       ` Oleg Nesterov
2012-11-08 13:03         ` Amnon Shiloh
2012-11-18 20:21         ` [PATCH 0/1] ptrace: introduce PTRACE_O_EXITKILL Oleg Nesterov
2012-11-18 20:21           ` Oleg Nesterov [this message]
2012-11-08 12:48       ` PF_NO_SIGSTOP (Was: PT_EXITKILL) Oleg Nesterov
2012-11-08 14:05         ` Amnon Shiloh
2012-11-08 12:16     ` PT_EXITKILL (Was: pdeath_signal) Pedro Alves
2012-11-08 12:44       ` Oleg Nesterov
2012-11-08 13:00         ` Pedro Alves

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:e0ff468 dfblob:62db1a1 dfblob:1ef6c05 dfblob:022ab18
dfblob:1f5e55d dfblob:ec8118a )
 OR (
bs:"[PATCH 1/1] ptrace: introduce PTRACE_O_EXITKILL" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20121118202140.GB20360@redhat.com \
    --to=oleg@redhat.com \
    --cc=akpm@linux-foundation.org \
    --cc=dhowells@redhat.com \
    --cc=dvlasenk@redhat.com \
    --cc=ebiederm@xmission.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mtk.manpages@gmail.com \
    --cc=scarybeasts@gmail.com \
    --cc=security@kernel.org \
    --cc=serge.hallyn@canonical.com \
    --cc=u3557@dialix.com.au \
    --cc=u3557@miso.sublimeip.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).