From: Jann Horn
To: Kees Cook
Cc: Andrew Morton, Jonathan Corbet, Vlastimil Babka, Michal Hocko, Konstantin Khlebnikov, Hugh Dickins, Naoya Horiguchi, Rodrigo Freire, John Stultz, Ross Zwisler, Robert Ho, Jerome Marchand, Andy Lutomirski, Johannes Weiner, Alexey Dobriyan, "Richard W.M. Jones", Joe Perches, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Thu, 3 Nov 2016 23:09:15 +0100
Subject: Re: [PATCH] proc: Report no_new_privs state
Message-ID: <20161103220915.GP8196@pc.thejh.net>
In-Reply-To: <20161103214041.GA58566@beast>

On Thu, Nov 03, 2016 at 02:40:41PM -0700, Kees Cook wrote:
> Similar to being able to examine if a process has been correctly confined
> with seccomp, the state of no_new_privs is equally interesting, so this
> adds it to /proc/$pid/status.
>
> Signed-off-by: Kees Cook

(Note: The proc.5 manpage also lists all the entries of the "status" file,
so it should also be updated.)

Reviewed-by: Jann Horn

> ---
>  Documentation/filesystems/proc.txt | 2 ++
>  fs/proc/array.c                    | 5 +++--
>  2 files changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesyste= ms/proc.txt > index 74329fd0add2..c03f2f91c6ab 100644 > --- a/Documentation/filesystems/proc.txt > +++ b/Documentation/filesystems/proc.txt > @@ -191,6 +191,7 @@ read the file /proc/PID/status: > CapPrm: 0000000000000000 > CapEff: 0000000000000000 > CapBnd: ffffffffffffffff > + NoNewPrivs: 0 > Seccomp: 0 > voluntary_ctxt_switches: 0 > nonvoluntary_ctxt_switches: 1 > @@ -262,6 +263,7 @@ Table 1-2: Contents of the status files (as of 4.1) > CapPrm bitmap of permitted capabilities > CapEff bitmap of effective capabilities > CapBnd bitmap of capabilities bounding set > + NoNewPrivs no_new_privs, like prctl(PR_GET_NO_NEW_PRIV= , ...) > Seccomp seccomp mode, like prctl(PR_GET_SECCOMP, ..= =2E) > Cpus_allowed mask of CPUs on which this process may run > Cpus_allowed_list Same as previous, but in "list format" > diff --git a/fs/proc/array.c b/fs/proc/array.c > index 81818adb8e9e..082676ab4878 100644 > --- a/fs/proc/array.c > +++ b/fs/proc/array.c 
> @@ -342,10 +342,11 @@ static inline void task_cap(struct seq_file *m, str= uct task_struct *p) > =20 > static inline void task_seccomp(struct seq_file *m, struct task_struct *= p) > { > + seq_put_decimal_ull(m, "NoNewPrivs:\t", task_no_new_privs(p)); > #ifdef CONFIG_SECCOMP > - seq_put_decimal_ull(m, "Seccomp:\t", p->seccomp.mode); > - seq_putc(m, '\n'); > + seq_put_decimal_ull(m, "\nSeccomp:\t", p->seccomp.mode); > #endif > + seq_putc(m, '\n'); > } > =20 > static inline void task_context_switch_counts(struct seq_file *m, > --=20 > 2.7.4 >=20 >=20 > --=20 > Kees Cook > Nexus Security
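Review bot: the Table 1-2 hunk in proc.txt adds the NoNewPrivs row under a caption that still says "Contents of the status files (as of 4.1)"; since this field only exists from the kernel this patch lands in, the caption's version should be bumped (or the row annotated) so readers know on which kernels to expect the entry. Placing the row directly above Seccomp matches the order in which the array.c hunk prints the two fields, and mirroring the Seccomp row's "like prctl(...)" wording is consistent with the rest of the table.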
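Review bot: in the fs/proc/array.c hunk, task_seccomp() now prints the NoNewPrivs: line unconditionally ahead of the #ifdef CONFIG_SECCOMP block, so the function's name no longer describes its output; a rename, or a one-line comment saying it reports both sandboxing states, would keep the next person touching the seccomp code from dropping the field by mistake. The newline rearrangement itself is correct: moving seq_putc(m, '\n') past the #endif and prefixing "\nSeccomp:\t" yields "NoNewPrivs:\t0\n" without CONFIG_SECCOMP and "NoNewPrivs:\t0\nSeccomp:\t0\n" with it, which matches the example output in the proc.txt hunk.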
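A user-space check for the two fields this patch exposes, added here as an example and not part of the patch or the thread: it parses the "Name:\t<value>" lines of /proc/<pid>/status and reports whether a process runs with no_new_privs set and a seccomp filter installed, treating a missing field (older kernel, or CONFIG_SECCOMP off) as unknown rather than as a failure. The sample status text and the pid 4242 are constructed.

```python
from pathlib import Path
from typing import Dict, Optional

# Constructed sample of /proc/<pid>/status as printed by fs/proc/array.c
# with this patch applied: one "Name:\t<value>" field per line.
SAMPLE_STATUS = (
    "Name:\tsandboxed\n"
    "State:\tS (sleeping)\n"
    "Pid:\t4242\n"
    "CapBnd:\tffffffffffffffff\n"
    "NoNewPrivs:\t1\n"
    "Seccomp:\t2\n"
    "voluntary_ctxt_switches:\t0\n"
)

# Seccomp mode values as returned by prctl(PR_GET_SECCOMP):
# 0 = disabled, 1 = strict, 2 = BPF filter.
SECCOMP_FILTER = 2


def parse_status(text: str) -> Dict[str, str]:
    """Split the status file into a {field: value} dict (first ':' separates)."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def confinement(fields: Dict[str, str]) -> Dict[str, Optional[bool]]:
    """Return True/False per property, or None when the kernel did not report it.

    NoNewPrivs is absent on kernels without this patch and Seccomp is absent
    when CONFIG_SECCOMP is off, so 'unknown' must be distinct from 'not set'.
    """
    nnp = fields.get("NoNewPrivs")
    sec = fields.get("Seccomp")
    return {
        "no_new_privs": None if nnp is None else nnp == "1",
        "seccomp_filter": None if sec is None else int(sec) == SECCOMP_FILTER,
    }


def check_pid(pid: int) -> Dict[str, Optional[bool]]:
    """Inspect a live process on Linux; off-Linux, falls back to the constructed sample."""
    path = Path(f"/proc/{pid}/status")
    text = path.read_text() if path.exists() else SAMPLE_STATUS
    return confinement(parse_status(text))
```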