Re: [PATCH] prctl: remove one-shot limitation for changing exe link

From: Cyrill Gorcunov
Date: Tue Jul 12 2016 - 13:29:42 EST

On Tue, Jul 12, 2016 at 11:52:09AM -0500, Eric W. Biederman wrote:
> >
> > Persistent exe-link doesn't guarantee anything if you have rights to ptrace
> > task and inject own code into (from security POV). So lets rip it out.
> >
> > Acked-by: Cyrill Gorcunov <gorcunov@xxxxxxxxxx>
> I believe the original concern was someone injecting a code into a
> process and playing silly buggers with the exe link. Someone who does
> not have ptrace capability.

If you manage to inject code into a process, that's all, you're
compromised, preventing changing exe-link several times wont help
much I fear. Current limit -- one may change it once, Stas' patch
simply removes this limitation. The ability to change it only _once_
may be suitable for some kind of monitor daemon I guess but this
monitor should detect any change in exe-link state and notify
node's admin, otherwise it's simply useless.

> It is completely not ok to change this until someone goes back to the
> original conversation and looks at the original threat model, and
> refutes it.