On Sat, Dec 5, 2015 at 6:04 PM, Jann Horn wrote:
> By checking the effective credentials instead of the real UID /
> permitted capabilities, ensure that the calling process actually
> intended to use its credentials.
>
> To ensure that all ptrace checks use the correct caller
>
On Mon, Dec 07, 2015 at 12:32:06PM -0800, Kees Cook wrote:
> On Sat, Dec 5, 2015 at 6:04 PM, Jann Horn wrote:
[...]
> > - if (ptrace_may_access(task, PTRACE_MODE_READ)) {
> > + if (ptrace_may_access(task, PTRACE_MODE_READ |
> > PTRACE_MODE_FSCREDS)) {
>
> This should
Whoops. After Kees pointed out my last mistake, I decided to grep around a bit
to make sure
I didn't miss anything else and noticed that apparently, Yama and Smack aren't
completely
aware that the ptrace access mode can have flags ORed in? Until now, it was
just the
NOAUDIT flag for
By checking the effective credentials instead of the real UID /
permitted capabilities, ensure that the calling process actually
intended to use its credentials.
To ensure that all ptrace checks use the correct caller
credentials (e.g. in case out-of-tree code or newly added code
omits the
On Mon, Nov 09, 2015 at 12:55:54PM -0800, Andrew Morton wrote:
> > --- a/fs/proc/array.c
> > +++ b/fs/proc/array.c
> > @@ -395,7 +395,8 @@ static int do_task_stat(struct seq_file *m, struct
> > pid_namespace *ns,
> >
> > state = *get_task_state(task);
> > vsize = eip = esp = 0;
> > -
On Mon, Nov 09, 2015 at 12:55:54PM -0800, Andrew Morton wrote:
> On Sun, 8 Nov 2015 13:08:36 +0100 Jann Horn wrote:
>
> > By checking the effective credentials instead of the real UID /
> > permitted capabilities, ensure that the calling process actually
> > intended to use its
On Mon, 9 Nov 2015 22:12:09 +0100 Jann Horn wrote:
>
> > Can we do
> >
> > #define PTRACE_foo (PTRACE_MODE_READ|PTRACE_MODE_FSCREDS)
> >
> > to avoid all that?
>
> Hm. All combinations of the PTRACE_MODE_*CREDS flags with
> PTRACE_MODE_{READ,ATTACH} plus optionally
On Sun, 8 Nov 2015 13:08:36 +0100 Jann Horn wrote:
> By checking the effective credentials instead of the real UID /
> permitted capabilities, ensure that the calling process actually
> intended to use its credentials.
>
> To ensure that all ptrace checks use the correct caller
By checking the effective credentials instead of the real UID /
permitted capabilities, ensure that the calling process actually
intended to use its credentials.
To ensure that all ptrace checks use the correct caller
credentials (e.g. in case out-of-tree code or newly added code
omits the