Re: [patch 1/2] c/r: prctl: Add ability to set new mm_struct::exe_file

From: richard -rw- weinberger
Date: Mon Mar 19 2012 - 19:02:46 EST

Next message: Tejun Heo: "[GIT PULL] workqueue changes for v3.4"
Previous message: Andrew Morton: "Re: [patch 1/2] c/r: prctl: Add ability to set newmm_struct::exe_file"
In reply to: Cyrill Gorcunov: "Re: [patch 1/2] c/r: prctl: Add ability to set newmm_struct::exe_file"
Next in thread: Cyrill Gorcunov: "Re: [patch 1/2] c/r: prctl: Add ability to set newmm_struct::exe_file"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Mar 19, 2012 at 11:46 PM, Andrew Morton
<akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
> Well, let's discuss this more completely. In what ways could an
> attacker use this? How serious is the problem? What actions can be
> taken to lessen it? etcetera.

After considering the problem a bit more I think it's not a big problem.
We must not trust /proc/pid/exe in anyway.
An attacker can always execute another binary without calling execve().

So, why makes that one-short fashion the feature more secure?
Let the user change the exe symlink as often as he wants.
>From a security point of view the exe symlink is anyway useless.

--
Thanks,
//richard
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tejun Heo: "[GIT PULL] workqueue changes for v3.4"
Previous message: Andrew Morton: "Re: [patch 1/2] c/r: prctl: Add ability to set newmm_struct::exe_file"
In reply to: Cyrill Gorcunov: "Re: [patch 1/2] c/r: prctl: Add ability to set newmm_struct::exe_file"
Next in thread: Cyrill Gorcunov: "Re: [patch 1/2] c/r: prctl: Add ability to set newmm_struct::exe_file"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]