On Thu, Jul 24, 2014 at 12:31:54PM -0700, Kees Cook wrote:
...
> > +
> > +#ifdef CONFIG_STACK_GROWSUP
> > +	if (may_adjust_brk(rlimit(RLIMIT_STACK),
> > +			   stack_vma->vm_end,
> > +			   prctl_map->start_stack, 0, 0))
> > +#else
> > +	if (may_adjust_brk(rlimit(RLIMIT_STACK),
> > +			   prctl_map->start_stack,
> > +			   stack_vma->vm_start, 0, 0))
> > +#endif
> > +		goto out;
>
> Ah! Sorry, I missed this use of may_adjust_brk here. Perhaps rename
> it, since we're not checking brk here, and pass the RLIMIT_* value to
> the function, which can look it up itself? "check_vma_rlimit" ?

Yeah, the name is a bit confusing, but I guess check_vma_rlimit() is not
much better ;-) What we do inside -- we test if a sum of two intervals
or arguments in this helper so that it won't care about the logical
context it's been called from, but then realized that this would be
way too much unneeded complexity. So if no one else pops up with a better
suggestion on the name I'll update it to check_vma_rlimit (because it's
more general compared to may_adjust_brk :-).

> > +
> > +	/*
> > +	 * Finally, make sure the caller has the rights to
> > +	 * change /proc/pid/exe link: only local root should
> > +	 * be allowed to.
> > +	 */
> > +	if (prctl_map->exe_fd != (u32)-1) {
> > +		struct user_namespace *ns = current_user_ns();
> > +		const struct cred *cred = current_cred();
> > +
> > +		if (!uid_eq(cred->uid, make_kuid(ns, 0)) ||
> > +		    !gid_eq(cred->gid, make_kgid(ns, 0)))
> > +			goto out;
> > +	}
>
> I got tricked for a moment here. :) I see that even if we pass this
> check, prctl_set_mm_exe_file will still do the additional checks too
> during prctl_set_mm_map. Excellent!

Yeah.

> >
> > +#ifdef CONFIG_CHECKPOINT_RESTORE
> > +	if (opt == PR_SET_MM_MAP || opt == PR_SET_MM_MAP_SIZE)
> > +		return prctl_set_mm_map(opt, (const void __user *)addr, arg4);
> > +#endif
> > +
> >  	if (!capable(CAP_SYS_RESOURCE))
> >  		return -EPERM;
> >
> >
>
> I think this is looking good. Thanks for the refactoring!

Huge thanks for the comments!!!
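Review bot: the two CONFIG_STACK_GROWSUP branches in the first hunk differ only in the order of the two address arguments, so the rlimit(RLIMIT_STACK) lookup and the may_adjust_brk() call are duplicated; computing the lower and upper bound into two locals under the #ifdef and making one call afterwards leaves a single call site to touch when the helper is renamed, and once it takes the RLIMIT_* index itself, as suggested above, the caller's rlimit() call goes away entirely.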
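Review bot: in the exe_fd hunk the "only local root" test compares cred->uid and cred->gid with uid/gid 0 of current_user_ns(), so it is satisfied by the root of whatever user namespace the caller sits in, not only the initial one, and it looks at the real rather than the effective ids. Since the thread notes that prctl_set_mm_exe_file() performs its own checks afterwards, the comment should say that this block is only a first-pass filter and that the authoritative check lives there, otherwise a later reader may take it for the complete privilege check on changing /proc/pid/exe.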
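Review bot: in the last hunk the PR_SET_MM_MAP / PR_SET_MM_MAP_SIZE dispatch returns before the capable(CAP_SYS_RESOURCE) test that guards the other PR_SET_MM options, so prctl_set_mm_map() must carry every privilege and sanity check on its own (the root check above covers only exe_fd); the commit message should state explicitly that these two options are intended to work without CAP_SYS_RESOURCE and what validation replaces it.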
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ .