Re: [PATCH v2] x86/ptrace: Stop setting TS_COMPAT in ptrace code
From: Andy Lutomirski
Date: Mon Jun 20 2016 - 15:43:27 EST
On Mon, Jun 20, 2016 at 9:29 AM, Andy Lutomirski <luto@xxxxxxxxxx> wrote:
> Setting TS_COMPAT in ptrace is wrong: if we happen to do it during
> syscall entry, then we'll confuse seccomp and audit. (The former
> isn't a security problem: seccomp is currently entirely insecure if a
> malicious ptracer is attached.) As a minimal fix, this patch adds a
> new flag TS_I386_REGS_POKED that handles the ptrace special case.
>
> Cc: Pedro Alves <palves@xxxxxxxxxx>
> Cc: Oleg Nesterov <oleg@xxxxxxxxxx>
> Cc: Kees Cook <keescook@xxxxxxxxxxxx>
> Signed-off-by: Andy Lutomirski <luto@xxxxxxxxxx>
In case you're interested, my draft followup (definitely not for x86/urgent) is:
https://git.kernel.org/cgit/linux/kernel/git/luto/linux.git/commit/?h=x86/vmap_stack&id=50d2f2a9fe1b
Pedro, this appears to pass ptrace-tests. I need to try the 64-vs-32
thing, but it's intended to fix it for real. It may not work for in
really exotic cases like gdb under UML, but I don't know if we can fix
that even in principle.
Some day we should expose syscall arch directly via ptrace.
--Andy