From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.9 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A2770C004C9 for ; Wed, 8 May 2019 00:39:26 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 76FB920C01 for ; Wed, 8 May 2019 00:39:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726590AbfEHAjZ (ORCPT ); Tue, 7 May 2019 20:39:25 -0400 Received: from out03.mta.xmission.com ([166.70.13.233]:48119 "EHLO out03.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726276AbfEHAjY (ORCPT ); Tue, 7 May 2019 20:39:24 -0400 Received: from in01.mta.xmission.com ([166.70.13.51]) by out03.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1hOAcA-0005DP-QV; Tue, 07 May 2019 18:39:18 -0600 Received: from ip72-206-97-68.om.om.cox.net ([72.206.97.68] helo=x220.xmission.com) by in01.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1hOAc6-0003vL-2C; Tue, 07 May 2019 18:39:18 -0600 From: ebiederm@xmission.com (Eric W. Biederman) To: Jann Horn Cc: Aleksa Sarai , Andy Lutomirski , Al Viro , Jeff Layton , "J. Bruce Fields" , Arnd Bergmann , David Howells , Andrew Morton , Alexei Starovoitov , Kees Cook , Christian Brauner , Tycho Andersen , David Drysdale , Chanho Min , Oleg Nesterov , Aleksa Sarai , Linus Torvalds , containers@lists.linux-foundation.org, linux-fsdevel , Linux API , kernel list , linux-arch References: <20190506165439.9155-1-cyphar@cyphar.com> <20190506165439.9155-6-cyphar@cyphar.com> Date: Tue, 07 May 2019 19:38:58 -0500 In-Reply-To: (Jann Horn's message of "Mon, 6 May 2019 20:37:37 +0200") Message-ID: <87o94d6aql.fsf@xmission.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1hOAc6-0003vL-2C;;;mid=<87o94d6aql.fsf@xmission.com>;;;hst=in01.mta.xmission.com;;;ip=72.206.97.68;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX184qY0rF5uzX8tinelqeZoHJk5mDIQxr/Q= X-SA-Exim-Connect-IP: 72.206.97.68 X-SA-Exim-Mail-From: ebiederm@xmission.com Subject: Re: [PATCH v6 5/6] binfmt_*: scope path resolution of interpreters X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Jann Horn writes: > > In my opinion, CVE-2019-5736 points out two different problems: > > The big problem: The __ptrace_may_access() logic has a special-case > short-circuit for "introspection" that you can't opt out of; Once upon a time in a galaxy far far away I fixed a bug where we missing ptrace_may_access checks on various proc files and systems using selinux stopped working. At the time selinux did not allow ptrace like access to yourself. The "introspection" special case was the quick and simple work-around. There is nothing fundamental in having the "introspection" special case except that various lsms have probably grown to depend upon it being there. I expect without difficulty we could move the check down into the various lsms. Which would get that check out of the core kernel code. Then the special case would the lsms challenge to keep or remove. Eric