On Jul 24, 2016 11:38 PM, "Ingo Molnar" <[email protected]> wrote:
>
>
> * Andy Lutomirski <[email protected]> wrote:
>
> > On Mon, Jun 20, 2016 at 4:39 PM, Andy Lutomirski <[email protected]> wrote:
> > > Setting TS_COMPAT in ptrace is wrong: if we happen to do it during
> > > syscall entry, then we'll confuse seccomp and audit. (The former
> > > isn't a security problem: seccomp is currently entirely insecure if a
> > > malicious ptracer is attached.) As a minimal fix, this patch adds a
> > > new flag TS_I386_REGS_POKED that handles the ptrace special case.
> >
> > Hi Ingo-
> >
> > Could you apply this one patch for 4.8? While I don't think it's a
> > significant security issue in 4.7 or earlier, leaving it unfixed in
> > 4.8 will introduce a potentially unpleasant interaction with some
> > seccomp changes that are queued up in the security tree for 4.8.
> >
> > It will have a trivially-resolvable conflict with -mm.
> >
> > The rest of the series this is in can wait.
>
> I don't mind the rest of the series either - could you please repost it (with the
> review feedback addressed)?

I'm nervous about it for a couple reasons involving the fact that it's user visible.

1. It doesn't make gdb work right in all the cases that gdb currently gets wrong. I haven't had time to think about whether there's a minimal tweak that would fix this.

2. It might have annoying interactions with seccomp whitelists. I don't know that for sure, but I still don't love it.

Patch 1 is only user-visible in the case where the current behavior is clearly wrong, so I'd personally be more comfortable applying just patch 1 for 4.8.

--Andy

