Re: [Fedora 12/19] ptrace: Do not allow ptrace() from unsigned process to signed one

On Wed, Sep 04, 2013 at 09:42:34PM +0000, Matthew Garrett wrote:
[ CC kexec fedora list ]

> On Wed, 2013-09-04 at 17:24 -0400, Vivek Goyal wrote:
> 
> Doesn't this:
> 
> > +		if (!ptraced_by_unsafe_tracer())
> > +			bprm->cred->proc_signed = true;
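
Review bot: the check of ptraced_by_unsafe_tracer() and the write to bprm->cred->proc_signed on the next line are atomic with respect to a tracer attaching only if the caller holds a lock across both, and nothing at this site says which lock that is. Add a comment above the if naming the lock that must be held (the thread identifies it as cred_guard_mutex), so that a later move of the check outside that critical section gets caught in review.
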
> 
> race with this if the attacker is able to run between the check and
> proc_signed being set to true?

I think this should not be a problem. task->signal->cred_guard_mutex
should provide mutual exclusion here.

ptrace_attach()
    mutex_lock_interruptible(&task->signal->cred_guard_mutex)

do_execve_common()
 prepare_bprm_creds()
    mutex_lock_interruptible(&current->signal->cred_guard_mutex);
 search_binary_handler()
    load_elf_binary()
        ptraced_by_unsafe_tracer();
    install_exec_creds()
        mutex_unlock(&current->signal->cred_guard_mutex);

So cred_guard_mutex is held while bprm is being prepared and till it is
installed. I think in that duration, no process can do a fresh
ptrace_attach().

Thanks
Vivek
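
The locking argument in the reply above, as an added single-threaded C model; it is not code from the patch or from either poster. The names struct task, model_ptrace_attach, model_exec_signed and invariant_holds are hypothetical, a held lock is reported as -EBUSY where the kernel would sleep, and the -EPERM rule on attach is assumed from the patch subject line.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>

struct task {
    atomic_flag cred_guard;  /* stands in for signal->cred_guard_mutex */
    bool proc_signed;        /* flag the patch sets during exec */
    bool unsafe_tracer;      /* an unsigned tracer is attached */
};

/* Model of ptrace_attach() by an unsigned tracer. The kernel sleeps in
 * mutex_lock_interruptible(); here a held lock is reported as -EBUSY. */
static int model_ptrace_attach(struct task *t)
{
    if (atomic_flag_test_and_set(&t->cred_guard))
        return -EBUSY;
    /* Assumption from the patch subject: unsigned may not trace signed. */
    int ret = t->proc_signed ? -EPERM : 0;
    if (ret == 0)
        t->unsafe_tracer = true;
    atomic_flag_clear(&t->cred_guard);
    return ret;
}

/* Model of exec of a signed binary. An attach is attempted in the window
 * between the check and the set; its result is returned. */
static int model_exec_signed(struct task *t)
{
    while (atomic_flag_test_and_set(&t->cred_guard)) { }  /* prepare_bprm_creds() */
    bool unsafe = t->unsafe_tracer;       /* ptraced_by_unsafe_tracer() */
    int raced = model_ptrace_attach(t);   /* the racing attach runs here */
    if (!unsafe)
        t->proc_signed = true;
    atomic_flag_clear(&t->cred_guard);    /* install_exec_creds() */
    return raced;
}

static bool invariant_holds(const struct task *t)
{
    return !(t->proc_signed && t->unsafe_tracer);
}

int main(void)
{
    struct task t = { ATOMIC_FLAG_INIT, false, false };
    int during = model_exec_signed(&t);   /* attach inside the window */
    int after = model_ptrace_attach(&t);  /* attach once exec is done */
    return (during == -EBUSY && after == -EPERM && invariant_holds(&t)) ? 0 : 1;
}
```

The model covers only the two orderings the thread discusses: an attach that lands inside the exec window, and one that lands before or after it.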