authorJustin M. Forbes <jforbes@redhat.com>2013-03-26 15:11:30 -0500
committerJustin M. Forbes <jforbes@redhat.com>2013-03-26 15:11:30 -0500
commitf62d8124855ba86be3b05887a0980f26c7cb8da8 (patch)
tree409e82deead98c1adf325bdd7c3ae5175bbdaabd
parenta9ccf7f1203937a969c033b8d0da0a72c2a8be1f (diff)
Fix child thread introspection of of /proc/self/exe (rhbz 927469)
-rw-r--r--fix-child-thread-introspection.patch76
-rw-r--r--kernel.spec9
2 files changed, 85 insertions, 0 deletions
diff --git a/fix-child-thread-introspection.patch b/fix-child-thread-introspection.patch
new file mode 100644
index 000000000..4c0bad1a6
--- /dev/null
+++ b/fix-child-thread-introspection.patch
@@ -0,0 +1,76 @@
+Allow threads other than the main thread to do introspection of files in
+proc without relying on read permissions. proc_pid_follow_link() calls
+proc_fd_access_allowed() which ultimately calls __ptrace_may_access().
+
+Though this allows additional access to some proc files, we do not
+believe that this has any unintended security implications. However it
+probably needs to be looked at carefully.
+
+The original problem was a thread of a process whose permissions were
+111 couldn't open its own /proc/self/exe This was interfering with a
+special purpose debugging tool. A simple reproducer is below.:
+
+#include <pthread.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <sys/types.h>
+
+#define BUFSIZE 2048
+
+void *thread_main(void *arg){
+ char *str=(char*)arg;
+ char buf[BUFSIZE];
+ ssize_t len=readlink("/proc/self/exe", buf, BUFSIZE);
+ if(len==-1)
+ printf("/proc/self/exe in %s: %s\n", str,sys_errlist[errno]);
+ else
+ printf("/proc/self/exe in %s: OK\n", str);
+
+ return 0;
+}
+
+int main(){
+ pthread_t thread;
+
+ int retval=pthread_create( &thread, NULL, thread_main, "thread");
+ if(retval!=0)
+ exit(1);
+
+ thread_main("main");
+ pthread_join(thread, NULL);
+
+ exit(0);
+}
+
+Signed-off-by: Ben Woodard <woodard@redhat.com>
+Signed-off-by: Mark Grondona <mgrondona@llnl.gov>
+---
+ kernel/ptrace.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/kernel/ptrace.c b/kernel/ptrace.c
+index acbd284..347c4c7 100644
+--- a/kernel/ptrace.c
++++ b/kernel/ptrace.c
+diff -ruNp linux-3.8.4-103.fc17.noarch/kernel/ptrace.c linux-3.8.4-103.fc17.ptrace/kernel/ptrace.c
+--- linux-3.8.4-103.fc17.noarch/kernel/ptrace.c 2013-02-18 17:58:34.000000000 -0600
++++ linux-3.8.4-103.fc17.ptrace/kernel/ptrace.c 2013-03-26 14:59:01.939396346 -0500
+@@ -234,7 +234,7 @@ static int __ptrace_may_access(struct ta
+ */
+ int dumpable = 0;
+ /* Don't let security modules deny introspection */
+- if (task == current)
++ if (same_thread_group(task, current))
+ return 0;
+ rcu_read_lock();
+ tcred = __task_cred(task);
+--
+1.8.1.4
+
+--
+To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
+the body of a message to majordomo@vger.kernel.org
+More majordomo info at http://vger.kernel.org/majordomo-info.html
+Please read the FAQ at http://www.tux.org/lkml/
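Review bot: The early return `if (same_thread_group(task, current))` in the embedded kernel/ptrace.c hunk now exempts every sibling thread from all later checks in __ptrace_may_access(), yet the comment kept above it, `/* Don't let security modules deny introspection */`, still describes only the LSM case. The credential lookup that starts at `tcred = __task_cred(task)` is skipped too, and since Linux credentials are per task, sibling threads are not guaranteed to hold identical ones; the rest of the function lies outside the hunk, so what else is bypassed should be confirmed against the full source. The widening is probably sound because threads of one group share an address space, but that reasoning belongs in the code, for example `/* Threads in one group share the mm; cred and LSM checks add nothing between them */`. The patch description itself says the change "probably needs to be looked at carefully", so I would record the outcome of that review (upstream commit or list thread) in the patch header before carrying it in the package.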
diff --git a/kernel.spec b/kernel.spec
index dc9555574..1b5b80730 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -758,6 +758,9 @@ Patch22001: selinux-apply-different-permission-to-ptrace-child.patch
Patch23000: cpufreq-intel-pstate-validate-msrs.patch
Patch23001: cpufreq-intel-pstate-max-is-in-the-max-variable-who-knew.patch
+#rhbz 927469
+Patch23006: fix-child-thread-introspection.patch
+
# END OF PATCH DEFINITIONS
%endif
@@ -1460,6 +1463,9 @@ ApplyPatch HID-usbhid-quirk-for-MSI-GX680R-led-panel.patch
#rhbz 806587
ApplyPatch HID-usbhid-quirk-for-Realtek-Multi-card-reader.patch
+#rhbz 927469
+ApplyPatch fix-child-thread-introspection.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -2301,6 +2307,9 @@ fi
# ||----w |
# || ||
%changelog
+* Tue Mar 26 2013 Justin M. Forbes <jforbes@redhat.com>
+- Fix child thread introspection of of /proc/self/exe (rhbz 927469)
+
* Tue Mar 26 2013 Dave Jones <davej@redhat.com>
- Enable CONFIG_DM_CACHE (rhbz 924325)