This series has a bunch of loosely-related fixes for minor security bugs.
Since the bugs are minor and the patches aren't trivial, I'm sending it
publicly.

The reason I'm bundling these patches up as a series instead of sending
patches one by one is that e.g. patch 2 creates some common infrastructure
that multiple other patches depend on.

For specific information about what the purpose of this series is, please
see the individual commits - but the general theme is:

 - get rid of races that can leak things like userspace addresses during
   setuid execve()
 - get rid of procfs files that cause unexpected behavior when passed around
 - add warnings to keep developers from creating more issues like this
 - document access checks

Changes in v2:

 - removed "ptrace: forbid ptrace checks against current_cred() from VFS
   context" (Linus Torvalds)
 - use the luid scheme suggested by Andy Lutomirski
 - patch 2/8 changed a lot
 - various other changes in individual patches

There is a somewhat ugly detail in patch 2/8 now, which is that the
tasklist_lock is taken for reading while regenerating the luid during
execve. I'm not sure whether that can be avoided.

Jann Horn (8):
  exec: introduce cred_guard_light
  exec: turn self_exec_id into self_privunit
  proc: use open()-time creds for ptrace checks
  futex: don't leak robust_list pointer
  proc: lock properly in ptrace_may_access callers
  ptrace: warn on ptrace_may_access without proper locking
  fs/proc: fix attr access check
  Documentation: add security/ptrace_checks.txt

 Documentation/security/ptrace_checks.txt | 229 +++++++++++++++++++++++++++++++
 fs/exec.c                                |  56 +++++++-
 fs/proc/array.c                          |  10 +-
 fs/proc/base.c                           | 224 ++++++++++++++++++++++--------
 fs/proc/internal.h                       |  14 ++
 fs/proc/namespaces.c                     |  14 ++
 include/linux/init_task.h                |   1 +
 include/linux/lsm_hooks.h                |   3 +-
 include/linux/ptrace.h                   |   5 +
 include/linux/sched.h                    |  27 +++-
 include/linux/security.h                 |  10 +-
 kernel/fork.c                            |   6 +-
 kernel/futex.c                           |  30 ++--
 kernel/futex_compat.c                    |  30 ++--
 kernel/ptrace.c                          |  54 ++++++--
 kernel/signal.c                          |   5 +-
 security/apparmor/include/ipc.h          |   2 +-
 security/apparmor/ipc.c                  |   4 +-
 security/apparmor/lsm.c                  |  14 +-
 security/commoncap.c                     |   8 +-
 security/security.c                      |   5 +-
 security/selinux/hooks.c                 |  15 +-
 security/smack/smack_lsm.c               |  18 ++-
 security/yama/yama_lsm.c                 |   9 +-
 24 files changed, 662 insertions(+), 131 deletions(-)
 create mode 100644 Documentation/security/ptrace_checks.txt

--
2.1.4