diff options
author | Justin M. Forbes <jforbes@redhat.com> | 2013-03-26 15:11:30 -0500 |
---|---|---|
committer | Justin M. Forbes <jforbes@redhat.com> | 2013-03-26 15:11:30 -0500 |
commit | f62d8124855ba86be3b05887a0980f26c7cb8da8 (patch) | |
tree | 409e82deead98c1adf325bdd7c3ae5175bbdaabd /fix-child-thread-introspection.patch | |
parent | a9ccf7f1203937a969c033b8d0da0a72c2a8be1f (diff) | |
download | kernel-f62d8124855ba86be3b05887a0980f26c7cb8da8.tar.gz kernel-f62d8124855ba86be3b05887a0980f26c7cb8da8.tar.xz kernel-f62d8124855ba86be3b05887a0980f26c7cb8da8.zip |
Fix child thread introspection of of /proc/self/exe (rhbz 927469)
Diffstat (limited to 'fix-child-thread-introspection.patch')
-rw-r--r-- | fix-child-thread-introspection.patch | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/fix-child-thread-introspection.patch b/fix-child-thread-introspection.patch new file mode 100644 index 000000000..4c0bad1a6 --- /dev/null +++ b/fix-child-thread-introspection.patch @@ -0,0 +1,76 @@ +Allow threads other than the main thread to do introspection of files in +proc without relying on read permissions. proc_pid_follow_link() calls +proc_fd_access_allowed() which ultimately calls __ptrace_may_access(). + +Though this allows additional access to some proc files, we do not +believe that this has any unintended security implications. However it +probably needs to be looked at carefully. + +The original problem was a thread of a process whose permissions were +111 couldn't open its own /proc/self/exe This was interfering with a +special purpose debugging tool. A simple reproducer is below.: + +#include <pthread.h> +#include <unistd.h> +#include <stdio.h> +#include <errno.h> +#include <stdlib.h> +#include <sys/types.h> + +#define BUFSIZE 2048 + +void *thread_main(void *arg){ + char *str=(char*)arg; + char buf[BUFSIZE]; + ssize_t len=readlink("/proc/self/exe", buf, BUFSIZE); + if(len==-1) + printf("/proc/self/exe in %s: %s\n", str,sys_errlist[errno]); + else + printf("/proc/self/exe in %s: OK\n", str); + + return 0; +} + +int main(){ + pthread_t thread; + + int retval=pthread_create( &thread, NULL, thread_main, "thread"); + if(retval!=0) + exit(1); + + thread_main("main"); + pthread_join(thread, NULL); + + exit(0); +} + +Signed-off-by: Ben Woodard <woodard@redhat.com> +Signed-off-by: Mark Grondona <mgrondona@llnl.gov> +--- + kernel/ptrace.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kernel/ptrace.c b/kernel/ptrace.c +index acbd284..347c4c7 100644 +--- a/kernel/ptrace.c ++++ b/kernel/ptrace.c +diff -ruNp linux-3.8.4-103.fc17.noarch/kernel/ptrace.c linux-3.8.4-103.fc17.ptrace/kernel/ptrace.c +--- linux-3.8.4-103.fc17.noarch/kernel/ptrace.c 2013-02-18 17:58:34.000000000 -0600 ++++ linux-3.8.4-103.fc17.ptrace/kernel/ptrace.c 2013-03-26 14:59:01.939396346 -0500 +@@ -234,7 +234,7 @@ static int __ptrace_may_access(struct ta + */ + int dumpable = 0; + /* Don't let security modules deny introspection */ +- if (task == current) ++ if (same_thread_group(task, current)) + return 0; + rcu_read_lock(); + tcred = __task_cred(task); +-- +1.8.1.4 + +-- +To unsubscribe from this list: send the line "unsubscribe linux-kernel" in +the body of a message to majordomo@vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html +Please read the FAQ at http://www.tux.org/lkml/ |