[PATCH] __ptrace_may_access() should not deny sub-threads

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Oleg Nesterov <oleg@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>,
	Andy Lutomirski <luto@amacapital.net>,
	Ben Woodard <woodard@redhat.com>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	Mark Grondona <mgrondona@llnl.gov>,
	linux-kernel@vger.kernel.org
Subject: [PATCH] __ptrace_may_access() should not deny sub-threads
Date: Sun, 11 Aug 2013 19:53:25 +0200	[thread overview]
Message-ID: <20130811175325.GA12587@redhat.com> (raw)

From: Mark Grondona <mgrondona@llnl.gov>

__ptrace_may_access() checks get_dumpable/ptrace_has_cap/etc
if task != current, this can can lead to surprising results.

For example, a sub-thread can't readlink("/proc/self/exe") if
the executable is not readable. setup_new_exec()->would_dump()
notices that inode_permission(MAY_READ) fails and then it does
set_dumpable(suid_dumpable). After that get_dumpable() fails.

(It is not clear why proc_pid_readlink() checks get_dumpable(),
 perhaps we could add PTRACE_MODE_NODUMPABLE)

Change __ptrace_may_access() to use same_thread_group() instead
of "task == current". Any security check is pointless when the
tasks share the same ->mm.

Signed-off-by: Mark Grondona <mgrondona@llnl.gov>
Signed-off-by: Ben Woodard <woodard@redhat.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
---
 kernel/ptrace.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index a146ee3..dd562e9 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -236,7 +236,7 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
 	 */
 	int dumpable = 0;
 	/* Don't let security modules deny introspection */
-	if (task == current)
+	if (same_thread_group(task, current))
 		return 0;
 	rcu_read_lock();
 	tcred = __task_cred(task);
-- 
1.5.5.1

                 reply	other threads:[~2013-08-11 17:59 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:a146ee3 dfblob:dd562e9 )
 OR (
bs:"[PATCH] __ptrace_may_access() should not deny sub-threads" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130811175325.GA12587@redhat.com \
    --to=oleg@redhat.com \
    --cc=akpm@linux-foundation.org \
    --cc=ebiederm@xmission.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=mgrondona@llnl.gov \
    --cc=viro@zeniv.linux.org.uk \
    --cc=woodard@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).