Re: [PATCH 2/2] CRED: Guard the setprocattr security hook againstptrace

From: James Morris
Date: Sun May 10 2009 - 18:39:56 EST

Next message: Alan Cox: "Re: RFC: MAINTAINER email address style?"
Previous message: James Morris: "Re: [PATCH 1/2] CRED: Rename cred_exec_mutex to reflect that it'sa guard against ptrace"
In reply to: David Howells: "[PATCH 2/2] CRED: Guard the setprocattr security hook against ptrace"
Next in thread: Oleg Nesterov: "Re: [PATCH 1/2] CRED: Rename cred_exec_mutex to reflect that it'sa guard against ptrace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 8 May 2009, David Howells wrote:

> Guard the setprocattr security hook against ptrace by taking the target task's
> cred_guard_mutex around it. The problem is that setprocattr() may otherwise
> note the lack of a debugger, and then perform an action on that basis whilst
> letting a debugger attach between the two points. Holding cred_guard_mutex
> across the test and the action prevents ptrace_attach() from doing that.
>
> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>

Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next

--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: RFC: MAINTAINER email address style?"
Previous message: James Morris: "Re: [PATCH 1/2] CRED: Rename cred_exec_mutex to reflect that it'sa guard against ptrace"
In reply to: David Howells: "[PATCH 2/2] CRED: Guard the setprocattr security hook against ptrace"
Next in thread: Oleg Nesterov: "Re: [PATCH 1/2] CRED: Rename cred_exec_mutex to reflect that it'sa guard against ptrace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]