TLS info and core files?

2007-03-27 Thread Tom Horsley
As a debugger developer, I find it quite handy when debugging a real process to use the PTRACE_GET_THREAD_AREA or PTRACE_GET_ARCH_PRCTL calls to dig up pthread IDs without having to know too much about the internals of the pthread library. (It would be even handier if the info was more consistent

ptrace and setuid problem

2005-03-05 Thread Tom Horsley
No, not a new security hole (exactly), more of a philosophy question: If I exec a setuid program under ptrace, I can read the image via PEEKDATA requests. Could (or should) that be considered a security hole? Come to think of it, should any executable with no read access (setuid or not) be

Re: ptrace and setuid problem

2005-03-06 Thread Tom Horsley
Andreas Schwab wrote: Tom Horsley [EMAIL PROTECTED] writes: If I exec a setuid program under ptrace, I can read the image via PEEKDATA requests. Only CAP_SYS_PTRACE capable processes get suid/sgid semantics under ptrace, or can attach to a privileged process. Andreas. I realize

BUG at net/sunrpc/svc_xprt.c:921

2013-02-07 Thread Tom Horsley
I noticed some previous messages with this subject, but the walkback I'm getting doesn't match exactly the ones shown in the threads I saw, so I figured I'd send this in. This happens on both my Fedora 18 and Fedora 17 partitions when mounting filesystems from very old servers that need the

Re: BUG at net/sunrpc/svc_xprt.c:921 (another one)

2013-02-15 Thread Tom Horsley
On Fri, 15 Feb 2013 14:22:29 -0500 J. Bruce Fields wrote: Any more reports positive or negative welcome. Well, I don't have the time or energy to try patches on my system at work, but these seem to be concerned with terminating an NFS connection. My aborts all happen at boot when it is trying

4.6 security problem with KVM?

2016-07-05 Thread Tom Horsley
I submitted this fedora bugzilla recently: https://bugzilla.redhat.com/show_bug.cgi?id=1352325 Among other things, it shows a Windows 10 KVM virtual machine causing strange side effects back on the fedora 24 host, which sure seems like the sort of thing that might be a security issue. After

How the devil can gettid() return 1?

2016-08-08 Thread Tom Horsley
Every once in a while google-chrome goes into a 100% cpu loop. I got curious and examined the thread that was running at 100% and strace says this over and over again till I interrupt it: gettid()= 1 gettid()= 1 gettid()

www.tux.org no longer exists :-(.

2016-08-08 Thread Tom Horsley
The official lkml FAQ links all point to www.tux.org. There is no DNS entry for any server I've queried for www.tux.org. This makes it kind of difficult to read the FAQ. One example: tomh> nslookup www.tux.org 8.8.8.8 Server: 8.8.8.8 Address:8.8.8.8#53 ** server can't find

Re: [PATCH] exec: Weaken dumpability for secureexec

2018-01-03 Thread Tom Horsley
at.com/show_bug.cgi?id=1528633 > > > > Reported-by: Tom Horsley <horsley1...@gmail.com> > > Seems right, any chance we could get a tested-by: Tom? (Did we already > get that?) I didn't test it myself, but all I'd do is run the test program I've attached to the bu

ptrace versus setuid changes in 4.14?

2017-12-21 Thread Tom Horsley
On my fedora 26 box with a 4.13 kernel, when a process under ptrace control did an exec of a setuid program, the program lost all of its setuid privileges and ptrace could operate on it like a normal program. Experimental evidence seems to indicate that on fedora 27 with a 4.14 kernel, ptrace

Re: ptrace versus setuid changes in 4.14?

2017-12-22 Thread Tom Horsley
On Fri, 22 Dec 2017 12:28:25 -0800 Laura Abbott wrote: > Assuming this is https://bugzilla.redhat.com/show_bug.cgi?id=1528633 > This is yet another victim of > > commit e37fdb785a5f95ecadf43b773c97f676500ac7b8 (refs/bisect/bad) > Author: Kees Cook > Date: Tue Jul 18

Re: [PATCH] exec: Weaken dumpability for secureexec

2018-01-03 Thread Tom Horsley
On Wed, 3 Jan 2018 09:21:16 -0800 Kees Cook wrote: > The more interesting thing here is that secureexec is set for a > process that ISN'T actually setuid. (ptrace of a setuid process). I > think that's the real bug, but not something I'm going to be able to > fix quickly. So, for now, I want to

Re: ptrace versus setuid changes in 4.14?

2017-12-22 Thread Tom Horsley
On Fri, 22 Dec 2017 12:28:25 -0800 Laura Abbott wrote: > Assuming this is https://bugzilla.redhat.com/show_bug.cgi?id=1528633 > This is yet another victim of > > commit e37fdb785a5f95ecadf43b773c97f676500ac7b8 (refs/bisect/bad) > Author: Kees Cook > Date: Tue Jul 18 15:25:31 2017 -0700 > >

Re: [PATCH] exec: Weaken dumpability for secureexec

2018-01-03 Thread Tom Horsley
at.com/show_bug.cgi?id=1528633 > > > > Reported-by: Tom Horsley > > Seems right, any chance we could get a tested-by: Tom? (Did we already > get that?) I didn't test it myself, but all I'd do is run the test program I've attached to the bugzilla above which is trivial com
