Tree - rpms/kernel - CentOS Git server

rpms / kernel

Files

Commit: 498db5becd27cfe48bcd576473ef6dcf0f7a786e

Blob Blame History Raw

 Allow threads other than the main thread to do introspection of files in 
proc without relying on read permissions. proc_pid_follow_link() calls 
proc_fd_access_allowed() which ultimately calls __ptrace_may_access().
 
Though this allows additional access to some proc files, we do not 
believe that this has any unintended security implications. However it 
probably needs to be looked at carefully.
 
The original problem was a thread of a process whose permissions were 
111 couldn't open its own /proc/self/exe This was interfering with a 
special purpose debugging tool. A simple reproducer is below.:
 
#include <pthread.h>
#include <unistd.h>
#include <stdio.h>
#include <errno.h>
#include <stdlib.h>
#include <sys/types.h>
 
#define BUFSIZE 2048
 
void *thread_main(void *arg){
   char *str=(char*)arg;
   char buf[BUFSIZE];
   ssize_t len=readlink("/proc/self/exe", buf, BUFSIZE);
   if(len==-1)
     printf("/proc/self/exe in %s: %s\n", str,sys_errlist[errno]);
   else
     printf("/proc/self/exe in %s: OK\n", str);
 
   return 0;
}
 
int main(){
   pthread_t thread;
 
   int retval=pthread_create( &thread, NULL, thread_main, "thread");
   if(retval!=0)
     exit(1);
 
   thread_main("main");
   pthread_join(thread, NULL);
 
   exit(0);
}
 
Signed-off-by: Ben Woodard <woodard@redhat.com>
Signed-off-by: Mark Grondona <mgrondona@llnl.gov>
---
  kernel/ptrace.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index acbd284..347c4c7 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
diff -ruNp linux-3.8.4-103.fc17.noarch/kernel/ptrace.c linux-3.8.4-103.fc17.ptrace/kernel/ptrace.c
--- linux-3.8.4-103.fc17.noarch/kernel/ptrace.c	2013-02-18 17:58:34.000000000 -0600
+++ linux-3.8.4-103.fc17.ptrace/kernel/ptrace.c	2013-03-26 14:59:01.939396346 -0500
@@ -234,7 +234,7 @@ static int __ptrace_may_access(struct ta
 	 */
 	int dumpable = 0;
 	/* Don't let security modules deny introspection */
-	if (task == current)
+	if (same_thread_group(task, current))
 		return 0;
 	rcu_read_lock();
 	tcred = __task_cred(task);
-- 
1.8.1.4
 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

	Allow threads other than the main thread to do introspection of files in
	proc without relying on read permissions. proc_pid_follow_link() calls
	proc_fd_access_allowed() which ultimately calls __ptrace_may_access().

	Though this allows additional access to some proc files, we do not
	believe that this has any unintended security implications. However it
	probably needs to be looked at carefully.

	The original problem was a thread of a process whose permissions were
	111 couldn't open its own /proc/self/exe This was interfering with a
	special purpose debugging tool. A simple reproducer is below.:

	#include <pthread.h>
	#include <unistd.h>
	#include <stdio.h>
	#include <errno.h>
	#include <stdlib.h>
	#include <sys/types.h>

	#define BUFSIZE 2048

	void thread_main(void arg){
	char str=(char)arg;
	char buf[BUFSIZE];
	ssize_t len=readlink("/proc/self/exe", buf, BUFSIZE);
	if(len==-1)
	printf("/proc/self/exe in %s: %s\n", str,sys_errlist[errno]);
	else
	printf("/proc/self/exe in %s: OK\n", str);

	return 0;
	}

	int main(){
	pthread_t thread;

	int retval=pthread_create( &thread, NULL, thread_main, "thread");
	if(retval!=0)
	exit(1);

	thread_main("main");
	pthread_join(thread, NULL);

	exit(0);
	}

	Signed-off-by: Ben Woodard <woodard@redhat.com>
	Signed-off-by: Mark Grondona <mgrondona@llnl.gov>
	---
	kernel/ptrace.c \| 2 +-
	1 file changed, 1 insertion(+), 1 deletion(-)

	diff --git a/kernel/ptrace.c b/kernel/ptrace.c
	index acbd284..347c4c7 100644
	--- a/kernel/ptrace.c
	+++ b/kernel/ptrace.c
	diff -ruNp linux-3.8.4-103.fc17.noarch/kernel/ptrace.c linux-3.8.4-103.fc17.ptrace/kernel/ptrace.c
	--- linux-3.8.4-103.fc17.noarch/kernel/ptrace.c 2013-02-18 17:58:34.000000000 -0600
	+++ linux-3.8.4-103.fc17.ptrace/kernel/ptrace.c 2013-03-26 14:59:01.939396346 -0500
	@@ -234,7 +234,7 @@ static int __ptrace_may_access(struct ta
	*/
	int dumpable = 0;
	/* Don't let security modules deny introspection */
	- if (task == current)
	+ if (same_thread_group(task, current))
	return 0;
	rcu_read_lock();
	tcred = __task_cred(task);
	--
	1.8.1.4

	--
	To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
	the body of a message to majordomo@vger.kernel.org
	More majordomo info at http://vger.kernel.org/majordomo-info.html
	Please read the FAQ at http://www.tux.org/lkml/

rpms / kernel

Source Code

Files