Re: [PATCH 1/2] security: let security modules use PTRACE_MODE_* with bitmasks

From: Kees Cook
Date: Mon Dec 07 2015 - 16:31:00 EST

Next message: Seth Forshee: "[PATCH v2 06/18] Smack: Handle labels consistently in untrusted mounts"
Previous message: Seth Forshee: "[PATCH v2 09/18] fs: Refuse uid/gid changes which don't map into s_user_ns"
In reply to: Jann Horn: "[PATCH 1/2] security: let security modules use PTRACE_MODE_* with bitmasks"
Next in thread: Casey Schaufler: "Re: [PATCH 1/2] security: let security modules use PTRACE_MODE_* with bitmasks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Dec 7, 2015 at 1:25 PM, Jann Horn <jann@xxxxxxxxx> wrote:
> It looks like smack and yama weren't aware that the ptrace mode
> can have flags ORed into it - PTRACE_MODE_NOAUDIT until now, but
> only for /proc/$pid/stat, and with the PTRACE_MODE_*CREDS patch,
> all modes have flags ORed into them.
>
> Signed-off-by: Jann Horn <jann@xxxxxxxxx>

Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>

-Kees

> ---
> security/smack/smack_lsm.c | 8 +++-----
> security/yama/yama_lsm.c | 4 ++--
> 2 files changed, 5 insertions(+), 7 deletions(-)
>
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index ff81026..7c57c7f 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -398,12 +398,10 @@ static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
> */
> static inline unsigned int smk_ptrace_mode(unsigned int mode)
> {
> - switch (mode) {
> - case PTRACE_MODE_READ:
> - return MAY_READ;
> - case PTRACE_MODE_ATTACH:
> + if (mode & PTRACE_MODE_ATTACH)
> return MAY_READWRITE;
> - }
> + if (mode & PTRACE_MODE_READ)
> + return MAY_READ;
>
> return 0;
> }
> diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
> index d3c19c9..cb6ed10 100644
> --- a/security/yama/yama_lsm.c
> +++ b/security/yama/yama_lsm.c
> @@ -281,7 +281,7 @@ static int yama_ptrace_access_check(struct task_struct *child,
> int rc = 0;
>
> /* require ptrace target be a child of ptracer on attach */
> - if (mode == PTRACE_MODE_ATTACH) {
> + if (mode & PTRACE_MODE_ATTACH) {
> switch (ptrace_scope) {
> case YAMA_SCOPE_DISABLED:
> /* No additional restrictions. */
> @@ -307,7 +307,7 @@ static int yama_ptrace_access_check(struct task_struct *child,
> }
> }
>
> - if (rc) {
> + if (rc && (mode & PTRACE_MODE_NOAUDIT) == 0) {
> printk_ratelimited(KERN_NOTICE
> "ptrace of pid %d was attempted by: %s (pid %d)\n",
> child->pid, current->comm, current->pid);
> --
> 2.1.4
>

--
Kees Cook
Chrome OS & Brillo Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Seth Forshee: "[PATCH v2 06/18] Smack: Handle labels consistently in untrusted mounts"
Previous message: Seth Forshee: "[PATCH v2 09/18] fs: Refuse uid/gid changes which don't map into s_user_ns"
In reply to: Jann Horn: "[PATCH 1/2] security: let security modules use PTRACE_MODE_* with bitmasks"
Next in thread: Casey Schaufler: "Re: [PATCH 1/2] security: let security modules use PTRACE_MODE_* with bitmasks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]