Re: + syscalls-x86-add-__nr_kcmp-syscall-v8.patch added to -mm tree

[Vasiliy Kulikov]

On Wed, Feb 15, 2012 at 23:56 +0400, Cyrill Gorcunov wrote:
> On Wed, Feb 15, 2012 at 07:43:36PM +0100, Oleg Nesterov wrote:
> ...
> > 
> > Cough... this is question I am trying to ask ;)
> > 
> > Let me try again. To simplify, lets discuss the KCMP_VM case
> > only.
> > 
> > I do not really understand why do we need ptrace_may_access().
> > I do not see any security problems with kcmp_ptr(task->mm), but
> > I am not expert.
> > 
> > However, you added this check so I assume you have some reason.
> > But this can race with execve(setuid_app) and KCMP_VM can play
> > with task->mm after this task raises its caps. If this is fine,
> > then why do we need ptrace_may_access?
> > 
> 
> This makes me scratch the head ;) I think ptrace_may_access (or
> some other security test) should remain since it's somehow weird
> if non-root task will be able to find objects order from privileged
> task. Thus I need to find a way how to handle execve(setuid_app).
> Need to think...

Look at fs/proc/base.c:lock_trace() - it locks ->cred_guard_mutex
for the whole period of time when it uses a resource.

-- 
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/