From: Oleg Nesterov <oleg@redhat.com>
To: Stijn Volckaert <Stijn.Volckaert@elis.ugent.be>
Cc: Kees Cook <keescook@chromium.org>,
Roland McGrath <roland@hack.frob.com>,
LKML <linux-kernel@vger.kernel.org>,
linux-security-module <linux-security-module@vger.kernel.org>,
Stephen Smalley <sds@tycho.nsa.gov>,
Casey Schaufler <casey@schaufler-ca.com>,
John Johansen <john.johansen@canonical.com>,
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Subject: Re: [PATCH RFC] Allow introspection to already attached ptracer in __ptrace_may_access
Date: Thu, 8 Jan 2015 20:18:13 +0100 [thread overview]
Message-ID: <20150108191813.GA30102@redhat.com> (raw)
In-Reply-To: <54AE5EA9.4060105@elis.ugent.be>
On 01/08, Stijn Volckaert wrote:
>
> From that point onwards, the debugger can no longer perform any
> operations that go through __ptrace_may_access. These include
> process_vm_{read,write}v but also PTRACE_{POKE,PEEK}{TEXT,DATA}.
PTRACE_POKE/PEEK should work? not that this really matters...
> I don't see
> how Yama can possibly tell that tracee B and the debugger are still related
> at this point so I see no easy fix for this.
Well, perhaps yama can also have PR_SET_PTRACEE, I dunno.
> Patching __ptrace_may_access
> might indeed not be a good idea as it is used to check for credentials to
> perform a bunch of other non-ptrace operations throughout the kernel.
Just add the "ptrace_parent(task) == current" check into
ptracer_exception_found() ?
> The possible solutions that I can see right now are:
> 1) Adding some sort of original_parent field to task_struct, just for the
> sake of relationship tracking
And what should we do with this pointer if original_parent exits?
> 2) Changing the credentials check in process_vm_{read,write}v only so that
> you don't go all the way into __ptrace_may_access if you're already attached
> as a ptracer
This really doesn't look good, imo.
Oleg.
prev parent reply other threads:[~2015-01-08 19:20 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-24 13:28 [PATCH RFC] Allow introspection to already attached ptracer in __ptrace_may_access Stijn Volckaert
2014-12-24 18:06 ` Oleg Nesterov
2015-01-05 23:47 ` Kees Cook
2015-01-06 0:17 ` Casey Schaufler
2015-01-06 9:07 ` Stijn Volckaert
2015-01-06 18:44 ` Oleg Nesterov
2015-01-08 10:40 ` Stijn Volckaert
2015-01-08 19:18 ` Oleg Nesterov [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150108191813.GA30102@redhat.com \
--to=oleg@redhat.com \
--cc=Stijn.Volckaert@elis.ugent.be \
--cc=casey@schaufler-ca.com \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=roland@hack.frob.com \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox