[PATCH] proc: do not allow negative offsets on /proc/pid/environ

2012-07-22 Thread Djalal Harouni
this is not a security issue, but we should not be able to abuse it. Signed-off-by: Djalal Harouni tix...@opendz.org --- New kernels include mm->env_start in /proc/pid/stat To dump .text area: lseek() to 0x0040 - mm->env_start fs/proc/base.c |9 ++--- 1 files changed, 6 insertions(+), 3

Re: [PATCH] proc: do not allow negative offsets on /proc/pid/environ

2012-07-22 Thread Djalal Harouni
Hi Oleg, On Sun, Jul 22, 2012 at 10:00:49PM +0200, Oleg Nesterov wrote: On 07/22, Djalal Harouni wrote: __mem_open() which is called by both /proc/pid/environ and /proc/pid/mem ->open() handlers will allow the use of negative offsets. /proc/pid/mem has negative offsets but not /proc/pid

[PATCH v2 0/2] proc: /proc/pid/environ offset fixes

2012-07-24 Thread Djalal Harouni
operations. Djalal Harouni (2): proc: environ_read() make sure offset points to environment address range proc: do not allow negative offsets on /proc/pid/environ fs/proc/base.c | 22 +- 1 files changed, 13 insertions(+), 9 deletions(-) V2: * Added the [PATCH 1/2

[PATCH v2 1/2] proc: environ_read() make sure offset points to environment address range

2012-07-24 Thread Djalal Harouni
b409e578d9a4ec95913e06d8f which adds the appropriate ptrace check and saves the 'mm' at ->open() time, this is not a security issue. This patch is taken from the grsecurity patch since it was just made available. Cc: Oleg Nesterov o...@redhat.com Cc: Brad Spengler spen...@grsecurity.net Signed-off-by: Djalal

[PATCH v2 2/2] proc: do not allow negative offsets on /proc/pid/environ

2012-07-24 Thread Djalal Harouni
on /proc/pid/mem. Cc: Oleg Nesterov o...@redhat.com Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c |9 ++--- 1 files changed, 6 insertions(+), 3 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 39ee093..1b6c84c 100644 --- a/fs/proc/base.c +++ b/fs/proc

[PATCH v2] iwlwifi: mvm: make debugfs write() operations write up to count bytes

2013-08-24 Thread Djalal Harouni
-off-by: Djalal Harouni tix...@opendz.org Cc: Berg, Johannes johannes.b...@intel.com --- Patch compile tested only. v2 Clean patch and use min_t() as noted by Berg Johannes drivers/net/wireless/iwlwifi/mvm/debugfs.c | 12 1 file changed, 8 insertions(+), 4 deletions(-) diff --git

[PATCH] ath5k: debugfs: NULL-terminate strings

2013-08-25 Thread Djalal Harouni
Avoid processing garbage data by NULL terminating the strings. Signed-off-by: Djalal Harouni tix...@opendz.org --- Patch compile tested only. drivers/net/wireless/ath/ath5k/debug.c | 24 ++-- 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/drivers/net/wireless

[PATCH 1/2] procfs: restore 0400 permissions on /proc/*/{syscall,stack,personality}

2013-08-26 Thread Djalal Harouni
Avoid giving an fd on privileged files for free by switching these files to 0400 mode. This patch restores the old mode which was 0400 Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/fs/proc

[PATCH 2/2] procfs: restore 0400 permissions on /proc/*/pagemap

2013-08-26 Thread Djalal Harouni
Do not give an fd on privileged /proc/*/pagemap files for free. Restore the previous 0400 mode Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 6b162cd..93a1c89 100644

Re: [PATCH 1/2] procfs: restore 0400 permissions on /proc/*/{syscall,stack,personality}

2013-08-26 Thread Djalal Harouni
On Mon, Aug 26, 2013 at 09:49:48AM -0700, Eric W. Biederman wrote: Djalal Harouni tix...@opendz.org writes: Avoid giving an fd on privileged files for free by switching these files to 0400 mode. This seems to be a revert of Al's patch in March of 2011 based on broken reasoning. Yes

Re: [PATCH 1/2] procfs: restore 0400 permissions on /proc/*/{syscall,stack,personality}

2013-08-27 Thread Djalal Harouni
thread that added the /proc/*/stack feature: https://lkml.org/lkml/2008/11/7/109 They noted that it should be under 0400 permissions So why remove that, or why not restore the old safe behaviour ? Hope to get a response Thanks Al -- Djalal Harouni http://opendz.org -- To unsubscribe from

[PATCH] Btrfs: do not ignore errors when truncating the free space cache inode

2013-06-18 Thread Djalal Harouni
btrfs_check_trunc_cache_free_space() tries to check if there is enough space for cache inode truncation but it fails. Currently this function always returns success even if there is not enough space. Fix this by returning the -ENOSPC error code. Signed-off-by: Djalal Harouni tix...@opendz.org

Re: [PATCH 1/2] procfs: restore 0400 permissions on /proc/*/{syscall,stack,personality}

2013-09-11 Thread Djalal Harouni
Hi Eric, (Sorry for the delay, please see below) On Sat, Aug 31, 2013 at 06:44:39PM -0700, Eric W. Biederman wrote: Djalal Harouni tix...@opendz.org writes: [...] Yes Kees, I did try a year ago to adapt the exec_id from grsecurity and failed (and failed again to resend - not enough

[PATCH v2 0/9] procfs: protect /proc/pid/* files with file->f_cred

2013-10-01 Thread Djalal Harouni
- Patchset cleaned Version 1 was discussed here: https://lkml.org/lkml/2013/9/25/459 The following series tries to implement what I describe. Djalal Harouni (9): procfs: add proc_same_open_cred() to check if the cred have changed procfs: add proc_allow_access() to check if file's opener may

[PATCH v2 1/9] procfs: add proc_same_open_cred() to check if the cred have changed

2013-10-01 Thread Djalal Harouni
changed which means that perhaps we have gained or lost the privileges of processing the /proc file descriptor. So add proc_same_open_cred() to check if the cred have changed. Cc: Kees Cook keesc...@chromium.org Suggested-by: Eric W. Biederman ebied...@xmission.com Signed-off-by: Djalal Harouni tix

[PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-01 Thread Djalal Harouni
. This function should be used with the ptrace_may_access() check. Cc: Kees Cook keesc...@chromium.org Suggested-by: Eric W. Biederman ebied...@xmission.com Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 56 ++ fs/proc

[PATCH v2 3/9] procfs: Document the proposed solution to protect procfs entries

2013-10-01 Thread Djalal Harouni
Note the proposed solution to protect sensitive procfs entries as code comment. Cc: Kees Cook keesc...@chromium.org Suggested-by: Eric W. Biederman ebied...@xmission.com Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 11 +++ 1 file changed, 11 insertions(+) diff

[PATCH v2 4/9] procfs: make /proc/*/{stack,syscall} 0400

2013-10-01 Thread Djalal Harouni
ptrace checks. Cc: Eric W. Biederman ebied...@xmission.com Acked-by: Kees Cook keesc...@chromium.org Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 8d21316..54e926a

[PATCH v2 5/9] procfs: make /proc entries that use seq files able to access file->f_cred

2013-10-01 Thread Djalal Harouni
in seq_file->private in seq_open(). This way these entries are able to continue to use seq files, and access the file->f_cred easily. This is also a preparation for the following patches which will check the corresponding file->f_cred. Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c

[PATCH v2 6/9] procfs: add permission checks on the file's opener of /proc/*/stat

2013-10-01 Thread Djalal Harouni
also adds a previously missing signal->cred_guard_mutex lock. This patch does not break userspace since it only hides the fields that were supposed to be protected. Cc: Kees Cook keesc...@chromium.org Cc: Eric W. Biederman ebied...@xmission.com Signed-off-by: Djalal Harouni tix...@opendz.org --- fs

[PATCH v2 7/9] procfs: add permission checks on the file's opener of /proc/*/personality

2013-10-01 Thread Djalal Harouni
-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 18 +++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index d4b604d..77f5b84 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2647,11 +2647,23 @@ static const struct

[PATCH v2 8/9] procfs: improve permission checks on /proc/*/stack

2013-10-01 Thread Djalal Harouni
: Kees Cook keesc...@chromium.org Cc: Eric W. Biederman ebied...@xmission.com Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 87 ++ 1 file changed, 75 insertions(+), 12 deletions(-) diff --git a/fs/proc/base.c b/fs/proc

[PATCH v2 9/9] procfs: improve permission checks on /proc/*/syscall

2013-10-01 Thread Djalal Harouni
the syscall entries of the task. Cc: Kees Cook keesc...@chromium.org Cc: Eric W. Biederman ebied...@xmission.com Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 93 -- 1 file changed, 84 insertions(+), 9 deletions(-) diff

Re: [PATCH v2 0/9] procfs: protect /proc/pid/* files with file->f_cred

2013-10-02 Thread Djalal Harouni
On Tue, Oct 01, 2013 at 06:40:41PM -0700, Andy Lutomirski wrote: On 10/01/2013 01:26 PM, Djalal Harouni wrote: /proc/pid/* entries vary at runtime, appropriate permission checks need to happen during each system call. Currently some of these sensitive entries are protected

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-02 Thread Djalal Harouni
On Tue, Oct 01, 2013 at 06:36:34PM -0700, Andy Lutomirski wrote: On 10/01/2013 01:26 PM, Djalal Harouni wrote: Since /proc entries vary at runtime, permission checks need to happen during each system call. However even with that /proc file descriptors can be passed to a more

Re: [PATCH v2 6/9] procfs: add permission checks on the file's opener of /proc/*/stat

2013-10-02 Thread Djalal Harouni
On Tue, Oct 01, 2013 at 06:39:00PM -0700, Andy Lutomirski wrote: On 10/01/2013 01:26 PM, Djalal Harouni wrote: Some fields of the /proc/*/stat are sensitive fields that need appropriate protection. However, /proc file descriptors can be passed to a more privileged process (e.g. a suid

Re: [PATCH v2 0/9] procfs: protect /proc/pid/* files with file->f_cred

2013-10-02 Thread Djalal Harouni
On Wed, Oct 02, 2013 at 05:51:15PM +0100, Andy Lutomirski wrote: On Wed, Oct 2, 2013 at 3:37 PM, Djalal Harouni tix...@opendz.org wrote: On Tue, Oct 01, 2013 at 06:40:41PM -0700, Andy Lutomirski wrote: On 10/01/2013 01:26 PM, Djalal Harouni wrote: /proc/pid/* entries vary at runtime

Re: [PATCH v2 0/9] procfs: protect /proc/pid/* files with file->f_cred

2013-10-02 Thread Djalal Harouni
On Wed, Oct 02, 2013 at 10:48:55AM -0700, Kees Cook wrote: On Wed, Oct 2, 2013 at 9:51 AM, Andy Lutomirski l...@amacapital.net wrote: On Wed, Oct 2, 2013 at 3:37 PM, Djalal Harouni tix...@opendz.org wrote: On Tue, Oct 01, 2013 at 06:40:41PM -0700, Andy Lutomirski wrote: On 10/01/2013 01:26

Re: [PATCH v2 0/9] procfs: protect /proc/pid/* files with file->f_cred

2013-10-02 Thread Djalal Harouni
On Wed, Oct 02, 2013 at 11:00:26AM -0700, Andy Lutomirski wrote: On Wed, Oct 2, 2013 at 10:48 AM, Kees Cook keesc...@chromium.org wrote: On Wed, Oct 2, 2013 at 9:51 AM, Andy Lutomirski l...@amacapital.net wrote: On Wed, Oct 2, 2013 at 3:37 PM, Djalal Harouni tix...@opendz.org wrote: On Tue

Re: [PATCH v2 0/9] procfs: protect /proc/pid/* files with file->f_cred

2013-10-02 Thread Djalal Harouni
On Wed, Oct 02, 2013 at 07:26:43PM +0100, Djalal Harouni wrote: On Wed, Oct 02, 2013 at 11:00:26AM -0700, Andy Lutomirski wrote: On Wed, Oct 2, 2013 at 10:48 AM, Kees Cook keesc...@chromium.org wrote: I think revoking the fd would be great. Does that mechanism exist? There's this thing

Re: [PATCH v2 0/9] procfs: protect /proc/pid/* files with file->f_cred

2013-10-02 Thread Djalal Harouni
On Wed, Oct 02, 2013 at 11:35:45AM -0700, Kees Cook wrote: On Wed, Oct 2, 2013 at 11:22 AM, Djalal Harouni tix...@opendz.org wrote: On Wed, Oct 02, 2013 at 10:48:55AM -0700, Kees Cook wrote: On Wed, Oct 2, 2013 at 9:51 AM, Andy Lutomirski l...@amacapital.net wrote: On Wed, Oct 2, 2013

Re: [PATCH v2 6/9] procfs: add permission checks on the file's opener of /proc/*/stat

2013-10-02 Thread Djalal Harouni
On Wed, Oct 02, 2013 at 05:46:19PM +0100, Andy Lutomirski wrote: On Wed, Oct 2, 2013 at 4:14 PM, Djalal Harouni tix...@opendz.org wrote: On Tue, Oct 01, 2013 at 06:39:00PM -0700, Andy Lutomirski wrote: On 10/01/2013 01:26 PM, Djalal Harouni wrote: Some fields of the /proc/*/stat

Re: [PATCH v2 0/9] procfs: protect /proc/pid/* files with file->f_cred

2013-10-03 Thread Djalal Harouni
On Thu, Oct 03, 2013 at 08:12:44AM +0200, Ingo Molnar wrote: * Djalal Harouni tix...@opendz.org wrote: Regardless, glibc uses /proc/self/maps, which would be fine here, right? I did not touch /proc/self/maps and others, but I'm planning to fix them if this solution is accepted

Re: [PATCH v2 0/9] procfs: protect /proc/pid/* files with file->f_cred

2013-10-03 Thread Djalal Harouni
On Thu, Oct 03, 2013 at 08:22:56AM +0200, Ingo Molnar wrote: * Djalal Harouni tix...@opendz.org wrote: * You can't do it for /proc/*/stat otherwise you will break userspace ps..., ps must access /proc/1/stat etc... so the proposed solution will work without any side effect

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-03 Thread Djalal Harouni
On Wed, Oct 02, 2013 at 05:44:17PM +0100, Andy Lutomirski wrote: On Wed, Oct 2, 2013 at 3:55 PM, Djalal Harouni tix...@opendz.org wrote: On Tue, Oct 01, 2013 at 06:36:34PM -0700, Andy Lutomirski wrote: On 10/01/2013 01:26 PM, Djalal Harouni wrote: Since /proc entries vary at runtime

Re: [PATCH v2 0/9] procfs: protect /proc/pid/* files with file->f_cred

2013-10-03 Thread Djalal Harouni
On Thu, Oct 03, 2013 at 04:15:43PM +0100, Andy Lutomirski wrote: On Thu, Oct 3, 2013 at 1:29 PM, Djalal Harouni tix...@opendz.org wrote: On Thu, Oct 03, 2013 at 08:12:44AM +0200, Ingo Molnar wrote: Now procfs might be special, as by its nature of a pseudofilesystem it's far more atomic than

Re: [PATCH v2 0/9] procfs: protect /proc/pid/* files with file->f_cred

2013-10-03 Thread Djalal Harouni
(Andy sorry for the delay, real life...) On Thu, Oct 03, 2013 at 04:50:54PM +0100, Andy Lutomirski wrote: On Thu, Oct 3, 2013 at 4:40 PM, Djalal Harouni tix...@opendz.org wrote: On Thu, Oct 03, 2013 at 04:15:43PM +0100, Andy Lutomirski wrote: On Thu, Oct 3, 2013 at 1:29 PM, Djalal Harouni

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-03 Thread Djalal Harouni
On Thu, Oct 03, 2013 at 04:12:37PM +0100, Andy Lutomirski wrote: On Thu, Oct 3, 2013 at 3:36 PM, Djalal Harouni tix...@opendz.org wrote: On Wed, Oct 02, 2013 at 05:44:17PM +0100, Andy Lutomirski wrote: On Wed, Oct 2, 2013 at 3:55 PM, Djalal Harouni tix...@opendz.org wrote: On Tue, Oct 01

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-03 Thread Djalal Harouni
On Thu, Oct 03, 2013 at 12:37:49PM -0700, Andy Lutomirski wrote: On Thu, Oct 3, 2013 at 12:29 PM, Djalal Harouni tix...@opendz.org wrote: On Thu, Oct 03, 2013 at 04:12:37PM +0100, Andy Lutomirski wrote: On Thu, Oct 3, 2013 at 3:36 PM, Djalal Harouni tix...@opendz.org wrote: On Wed, Oct 02

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-04 Thread Djalal Harouni
On Thu, Oct 03, 2013 at 02:09:55PM -0700, Andy Lutomirski wrote: On Thu, Oct 3, 2013 at 1:13 PM, Djalal Harouni tix...@opendz.org wrote: On Thu, Oct 03, 2013 at 12:37:49PM -0700, Andy Lutomirski wrote: On Thu, Oct 3, 2013 at 12:29 PM, Djalal Harouni tix...@opendz.org wrote: On Thu, Oct 03

Re: [PATCH v2 0/9] procfs: protect /proc/pid/* files with file->f_cred

2013-10-04 Thread Djalal Harouni
() is that proc_allow_access() will check if it's absolutely the same user, otherwise fallback to security_capable() which is the heart of file_ns_capable() So it's already been done and proposed! this is an easy solution to detect if current's cred have changed. Thanks, Ingo -- Djalal Harouni

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-04 Thread Djalal Harouni
On Fri, Oct 04, 2013 at 04:40:01PM +0100, Andy Lutomirski wrote: On Fri, Oct 4, 2013 at 9:59 AM, Djalal Harouni tix...@opendz.org wrote: On Thu, Oct 03, 2013 at 02:09:55PM -0700, Andy Lutomirski wrote: On Thu, Oct 3, 2013 at 1:13 PM, Djalal Harouni tix...@opendz.org wrote: On Thu, Oct 03

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-04 Thread Djalal Harouni
On Fri, Oct 04, 2013 at 07:34:08PM +0100, Andy Lutomirski wrote: On Fri, Oct 4, 2013 at 7:23 PM, Djalal Harouni tix...@opendz.org wrote: On Fri, Oct 04, 2013 at 04:40:01PM +0100, Andy Lutomirski wrote: On Fri, Oct 4, 2013 at 9:59 AM, Djalal Harouni tix...@opendz.org wrote: On Thu, Oct 03

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-04 Thread Djalal Harouni
On Fri, Oct 04, 2013 at 12:16:26PM -0700, Andy Lutomirski wrote: On Fri, Oct 4, 2013 at 12:11 PM, Djalal Harouni tix...@opendz.org wrote: On Fri, Oct 04, 2013 at 07:34:08PM +0100, Andy Lutomirski wrote: On Fri, Oct 4, 2013 at 7:23 PM, Djalal Harouni tix...@opendz.org wrote: On Fri, Oct 04

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-04 Thread Djalal Harouni
On Fri, Oct 04, 2013 at 12:32:09PM -0700, Andy Lutomirski wrote: On Fri, Oct 4, 2013 at 12:27 PM, Djalal Harouni tix...@opendz.org wrote: On Fri, Oct 04, 2013 at 12:16:26PM -0700, Andy Lutomirski wrote: On Fri, Oct 4, 2013 at 12:11 PM, Djalal Harouni tix...@opendz.org wrote: On Fri, Oct 04

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-05 Thread Djalal Harouni
On Fri, Oct 04, 2013 at 03:17:08PM -0700, Andy Lutomirski wrote: On Fri, Oct 4, 2013 at 12:41 PM, Djalal Harouni tix...@opendz.org wrote: On Fri, Oct 04, 2013 at 12:32:09PM -0700, Andy Lutomirski wrote: On Fri, Oct 4, 2013 at 12:27 PM, Djalal Harouni tix...@opendz.org wrote: On Fri, Oct 04

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-13 Thread Djalal Harouni
On Wed, Oct 09, 2013 at 06:27:22PM +0100, Andy Lutomirski wrote: On Wed, Oct 9, 2013 at 11:54 AM, Djalal Harouni tix...@opendz.org wrote: On Mon, Oct 07, 2013 at 02:41:33PM -0700, Andy Lutomirski wrote: On Sat, Oct 5, 2013 at 6:23 AM, Djalal Harouni tix...@opendz.org wrote: On Fri, Oct 04

Re: [PATCH v3a] vsprintf: Check real user/group id for %pK

2013-10-14 Thread Djalal Harouni
cc:me, Thanks -- Djalal Harouni http://opendz.org -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Re: [PATCH v3a] vsprintf: Check real user/group id for %pK

2013-10-14 Thread Djalal Harouni
On Mon, Oct 14, 2013 at 11:17:06AM +0100, Djalal Harouni wrote: On Fri, Oct 11, 2013 at 02:19:14PM +1100, Ryan Mallon wrote: On 11/10/13 13:20, Eric W. Biederman wrote: Joe Perches j...@perches.com writes: Some setuid binaries will allow reading of files which have read permission

[PATCH v2 1/2] procfs: make /proc/*/pagemap 0400

2014-03-22 Thread Djalal Harouni
by protecting already running processes. Cc: Eric W. Biederman ebied...@xmission.com Acked-by: Kees Cook keesc...@chromium.org Acked-by: Andy Lutomirski l...@amacapital.net Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff

[PATCH v2 1/2] procfs: make /proc/*/{stack,syscall,personality} 0400

2014-03-22 Thread Djalal Harouni
and bypasses by protecting already running processes. Cc: Eric W. Biederman ebied...@xmission.com Acked-by: Kees Cook keesc...@chromium.org Acked-by: Andy Lutomirski l...@amacapital.net Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 12 ++-- 1 file changed, 6

[PATCH resend - v2 0/2] procfs: make /proc/*/{stack,syscall,pagemap} 0400

2014-03-22 Thread Djalal Harouni
. It will protect *already running* processes, but first I need to get this simple series accepted! Thanks! Djalal Harouni (2): procfs: make /proc/*/{stack,syscall,personality} 0400 procfs: make /proc/*/pagemap 0400 fs/proc/base.c | 16 1 file changed, 8 insertions(+), 8

Re: [PATCH 5/6] kthread: avoid parsing names as format strings

2013-06-12 Thread Djalal Harouni
thread failed to start\n); Thanks! -- Djalal Harouni http://opendz.org

Re: [PATCH 1/2] Input: cyttsp - fix memcpy size param

2013-06-17 Thread Djalal Harouni
-20130617 Anyway, will this overflow fix go for the next -rc? Thanks in advance Dmitry! -- Djalal Harouni http://opendz.org

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-09 Thread Djalal Harouni
On Fri, Oct 04, 2013 at 05:35:22PM -0700, Eric W. Biederman wrote: Andy Lutomirski l...@amacapital.net writes: On Fri, Oct 4, 2013 at 3:55 PM, Eric W. Biederman ebied...@xmission.com wrote: Andy Lutomirski l...@amacapital.net writes: On Fri, Oct 4, 2013 at 12:41 PM, Djalal Harouni

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-09 Thread Djalal Harouni
On Mon, Oct 07, 2013 at 02:41:33PM -0700, Andy Lutomirski wrote: On Sat, Oct 5, 2013 at 6:23 AM, Djalal Harouni tix...@opendz.org wrote: On Fri, Oct 04, 2013 at 03:17:08PM -0700, Andy Lutomirski wrote: Exactly. Hence the NAK. But Having two LSM Hooks there is really not practical

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-09 Thread Djalal Harouni
On Wed, Oct 09, 2013 at 11:54:02AM +0100, Djalal Harouni wrote: On Mon, Oct 07, 2013 at 02:41:33PM -0700, Andy Lutomirski wrote: On Sat, Oct 5, 2013 at 6:23 AM, Djalal Harouni tix...@opendz.org wrote: On Fri, Oct 04, 2013 at 03:17:08PM -0700, Andy Lutomirski wrote: Exactly. Hence

Re: [PATCH 1/2] procfs: restore 0400 permissions on /proc/*/{syscall,stack,personality}

2013-08-28 Thread Djalal Harouni
Cc'ed more people, On Tue, Aug 27, 2013 at 06:24:06PM +0100, Djalal Harouni wrote: Hi Al, On Mon, Aug 26, 2013 at 06:20:55PM +0100, Al Viro wrote: On Mon, Aug 26, 2013 at 09:49:48AM -0700, Eric W. Biederman wrote: How does changing the permissions to S_IRUSR prevent someone from

Re: [PATCH 1/2] procfs: restore 0400 permissions on /proc/*/{syscall,stack,personality}

2013-08-28 Thread Djalal Harouni
On Wed, Aug 28, 2013 at 01:49:06PM -0700, Kees Cook wrote: On Wed, Aug 28, 2013 at 1:11 PM, Djalal Harouni tix...@opendz.org wrote: [...] 2) The commit log says also: if you open a file before the target does suid-root exec, you'll be still able to access it. so you do the task

Re: [PATCH 1/2] procfs: restore 0400 permissions on /proc/*/{syscall,stack,personality}

2013-08-29 Thread Djalal Harouni
-- Djalal Harouni http://opendz.org

Re: [PATCH 1/2] procfs: restore 0400 permissions on /proc/*/{syscall,stack,personality}

2013-08-31 Thread Djalal Harouni
(Sorry for my late response) On Thu, Aug 29, 2013 at 03:14:32PM -0700, Kees Cook wrote: On Thu, Aug 29, 2013 at 2:11 AM, Djalal Harouni tix...@opendz.org wrote: Hi Eric, On Wed, Aug 28, 2013 at 05:26:56PM -0700, Eric W. Biederman wrote: I have taken a moment and read this thread

[PATCH 0/12] procfs: protect /proc/pid/* files with file->f_cred

2013-09-25 Thread Djalal Harouni
. Thanks! [1] https://lkml.org/lkml/2013/8/26/354 [2] https://lkml.org/lkml/2013/8/31/209 Djalal Harouni (12): procfs: add proc_same_open_cred() to check if the cred have changed procfs: add proc_allow_access() to check if file's opener may access task procfs: Document the proposed solution

[PATCH 01/12] procfs: add proc_same_open_cred() to check if the cred have changed

2013-09-25 Thread Djalal Harouni
changed which means that perhaps we have gained or lost the privileges of processing the /proc file descriptor. So add proc_same_open_cred() to check if the cred have changed. Cc: Kees Cook keesc...@chromium.org Cc: Eric W. Biederman ebied...@xmission.com Signed-off-by: Djalal Harouni tix...@opendz.org

[PATCH 02/12] procfs: add proc_allow_access() to check if file's opener may access task

2013-09-25 Thread Djalal Harouni
. This function should be used with the ptrace_may_access() check. Cc: Kees Cook keesc...@chromium.org Cc: Eric W. Biederman ebied...@xmission.com Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 56 ++ fs/proc/internal.h | 2

[PATCH 03/12] procfs: Document the proposed solution to protect procfs entries

2013-09-25 Thread Djalal Harouni
Note the proposed solution to protect sensitive procfs entries as code comment. Cc: Kees Cook keesc...@chromium.org Cc: Eric W. Biederman ebied...@xmission.com Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 11 +++ 1 file changed, 11 insertions(+) diff --git a/fs

[PATCH 04/12] seq_file: Make seq_file able to access the file's opener cred

2013-09-25 Thread Djalal Harouni
seq_f_cred() to return it. Cc: Kees Cook keesc...@chromium.org Cc: Eric W. Biederman ebied...@xmission.com Signed-off-by: Djalal Harouni tix...@opendz.org --- include/linux/seq_file.h | 7 +++ 1 file changed, 7 insertions(+) diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h index

[PATCH 05/12] seq_file: set the seq_file->f_cred during seq_open()

2013-09-25 Thread Djalal Harouni
system call. Set the seq_file->f_cred to file->f_cred during seq_open(). Cc: Kees Cook keesc...@chromium.org Cc: Eric W. Biederman ebied...@xmission.com Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/seq_file.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/seq_file.c b/fs/seq_file.c

[PATCH 06/12] procfs: make /proc/*/stack 0400

2013-09-25 Thread Djalal Harouni
...@chromium.org Cc: Eric W. Biederman ebied...@xmission.com Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 8d21316..bb90171 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c

[PATCH 07/12] procfs: add permission checks on the file's opener of /proc/*/stack

2013-09-25 Thread Djalal Harouni
...@chromium.org Cc: Eric W. Biederman ebied...@xmission.com Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 26 +++--- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index bb90171..d6a17b3 100644 --- a/fs/proc/base.c +++ b

[PATCH 08/12] procfs: add permission checks on the file's opener of /proc/*/personality

2013-09-25 Thread Djalal Harouni
-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 16 +--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index d6a17b3..ed8e3f7 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2656,11 +2656,21 @@ static const struct

[PATCH 09/12] procfs: add permission checks on the file's opener of /proc/*/stat

2013-09-25 Thread Djalal Harouni
-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/array.c | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/fs/proc/array.c b/fs/proc/array.c index cbd0f1b..8409d52 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -394,7 +394,7 @@ static int do_task_stat

[PATCH 10/12] procfs: move PROC_BLOCK_SIZE declaration up to make it visible

2013-09-25 Thread Djalal Harouni
Move PROC_BLOCK_SIZE declaration up, so new code can use it. Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index ed8e3f7..fe02ee4 100644 --- a/fs/proc/base.c +++ b/fs/proc

[PATCH 11/12] procfs: improve permission checks on /proc/*/syscall

2013-09-25 Thread Djalal Harouni
of the task. This patch also makes /proc/*/syscall 0400 so that the VFS will block any unprivileged access right away. Cc: Kees Cook keesc...@chromium.org Cc: Eric W. Biederman ebied...@xmission.com Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 87

[PATCH 12/12] user_ns: seq_file: use the user_ns that is embedded in the f_cred struct

2013-09-25 Thread Djalal Harouni
...@xmission.com Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/seq_file.c| 3 --- include/linux/seq_file.h | 6 ++ 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/fs/seq_file.c b/fs/seq_file.c index a5e5b98..ee1c36d 100644 --- a/fs/seq_file.c +++ b/fs/seq_file.c @@ -58,9

Re: [PATCH 04/12] seq_file: Make seq_file able to access the file's opener cred

2013-09-27 Thread Djalal Harouni
On Wed, Sep 25, 2013 at 05:22:51PM -0700, Linus Torvalds wrote: On Wed, Sep 25, 2013 at 1:14 PM, Djalal Harouni tix...@opendz.org wrote: Therefore add the f_cred field to the seq_file struct and a helper seq_f_cred() to return it. I hate how you've split up this patch from the next one

Re: [PATCH 04/12] seq_file: Make seq_file able to access the file's opener cred

2013-09-27 Thread Djalal Harouni
On Thu, Sep 26, 2013 at 04:02:54AM +0100, Al Viro wrote: On Wed, Sep 25, 2013 at 05:22:51PM -0700, Linus Torvalds wrote: On Wed, Sep 25, 2013 at 1:14 PM, Djalal Harouni tix...@opendz.org wrote: Therefore add the f_cred field to the seq_file struct and a helper seq_f_cred() to return

Re: [PATCH 06/12] procfs: make /proc/*/stack 0400

2013-09-28 Thread Djalal Harouni
On Thu, Sep 26, 2013 at 03:43:24PM -0500, Kees Cook wrote: On Wed, Sep 25, 2013 at 3:14 PM, Djalal Harouni tix...@opendz.org wrote: The /proc/*/stack contains sensitive information and currently its mode is 0444. Change this to 0400 so the VFS will be able to block unprivileged processes

Re: [PATCH 04/12] seq_file: Make seq_file able to access the file's opener cred

2013-09-28 Thread Djalal Harouni
On Thu, Sep 26, 2013 at 04:02:54AM +0100, Al Viro wrote: On Wed, Sep 25, 2013 at 05:22:51PM -0700, Linus Torvalds wrote: On Wed, Sep 25, 2013 at 1:14 PM, Djalal Harouni tix...@opendz.org wrote: Therefore add the f_cred field to the seq_file struct and a helper seq_f_cred() to return

Re: [PATCH 06/12] procfs: make /proc/*/stack 0400

2013-09-29 Thread Djalal Harouni
On Thu, Sep 26, 2013 at 03:43:24PM -0500, Kees Cook wrote: On Wed, Sep 25, 2013 at 3:14 PM, Djalal Harouni tix...@opendz.org wrote: The /proc/*/stack contains sensitive information and currently its mode is 0444. Change this to 0400 so the VFS will be able to block unprivileged processes

[PATCH 4/9] procfs: improve /proc/pid/wchan protection

2014-05-26 Thread Djalal Harouni
...@gmail.com Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 55 +-- 1 file changed, 49 insertions(+), 6 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index efe2a11..ef35544 100644 --- a/fs/proc/base.c +++ b/fs/proc

[PATCH 5/9] procfs: improve /proc/pid/syscall protection

2014-05-26 Thread Djalal Harouni
Convert syscall from an INF entry to a REG one. This way we can perform and cache the permission checks during ->open(). The ptrace capability is only cached, it will be re-checked during ->read(). If the opener did not have enough privileges then fail. Signed-off-by: Djalal Harouni tix

[PATCH 6/9] procfs: add pid_seq_private struct to handle /proc/pid/{stat|stack}

2014-05-26 Thread Djalal Harouni
-by: Djalal Harouni tix...@opendz.org --- fs/proc/internal.h | 11 +++ 1 file changed, 11 insertions(+) diff --git a/fs/proc/internal.h b/fs/proc/internal.h index f5c452c..f28e4f01 100644 --- a/fs/proc/internal.h +++ b/fs/proc/internal.h @@ -78,6 +78,17 @@ struct proc_inode { struct

[PATCH 7/9] procfs: add pid_entry_show() helper to handle /proc/pid/{stat|stack}

2014-05-26 Thread Djalal Harouni
the inode and the cached permission checks. Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 21 + fs/proc/internal.h | 3 +++ 2 files changed, 24 insertions(+) diff --git a/fs/proc/base.c b/fs/proc/base.c index f0ce94a..b40345b 100644 --- a/fs/proc

[PATCH 8/9] procfs: improve /proc/pid/stat protection

2014-05-26 Thread Djalal Harouni
data will notice that fields are zeroed. Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/array.c| 90 ++ fs/proc/base.c | 4 +-- fs/proc/internal.h | 6 ++-- 3 files changed, 88 insertions(+), 12 deletions(-) diff --git a/fs

[PATCH 9/9] procfs: improve /proc/pid/stack protection

2014-05-26 Thread Djalal Harouni
enough privileges then fail. Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 59 +- 1 file changed, 54 insertions(+), 5 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index d98ce15..6786878 100644 --- a/fs/proc

[PATCH 0/9] procfs: smooth steps to secure some /proc/pid/*

2014-05-26 Thread Djalal Harouni
. Patch 9/9: improve /proc/pid/stack protection. Djalal Harouni (9) procfs: use flags to deny or allow access to /proc/pid/$entry procfs: add pid_entry_access() for proper checks on /proc/pid/* procfs: add proc_read_from_buffer() and pid_entry_read() helpers procfs: improve /proc/pid/wchan

[PATCH 2/9] procfs: add pid_entry_access() for proper checks on /proc/pid/*

2014-05-26 Thread Djalal Harouni
Add the helper pid_entry_access() to unify the permission checks during ->open(). This is a preparation patch. Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/generic.c | 22 ++ fs/proc/internal.h | 2 ++ 2 files changed, 24 insertions(+) diff --git a/fs/proc

[PATCH 1/9] procfs: use flags to deny or allow access to /proc/pid/$entry

2014-05-26 Thread Djalal Harouni
) Cache the result of a) and return success c) Recheck the cached result during ->read() d) If cached == PID_ENTRY_DENY: then we replace the sensitive fields with zeros, userspace won't break and sensitive fields are protected. These flags are internal to /proc/pid/* Signed-off-by: Djalal Harouni

[PATCH 3/9] procfs: add proc_read_from_buffer() and pid_entry_read() helpers

2014-05-26 Thread Djalal Harouni
*)page, length); free_page(page); } return length; } Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 53 +++-- fs/proc/internal.h | 3 +++ 2 files changed, 50 insertions(+), 6 deletions(-) diff

Re: [PATCH 1/9] procfs: use flags to deny or allow access to /proc/pid/$entry

2014-05-26 Thread Djalal Harouni
On Mon, May 26, 2014 at 09:57:16AM -0700, Andy Lutomirski wrote: On Mon, May 26, 2014 at 6:27 AM, Djalal Harouni tix...@opendz.org wrote: Add the deny or allow flags, so we can perform proper permission checks and set the result accordingly. These flags are needed in case we have to cache

Re: [PATCH 3/9] procfs: add proc_read_from_buffer() and pid_entry_read() helpers

2014-05-26 Thread Djalal Harouni
On Mon, May 26, 2014 at 10:01:20AM -0700, Andy Lutomirski wrote: On Mon, May 26, 2014 at 6:27 AM, Djalal Harouni tix...@opendz.org wrote: This patch is preparation, it adds a couple of helpers to read data and to get the cached permission checks during that ->read(). Currently INF entries

Re: [PATCH 3/9] procfs: add proc_read_from_buffer() and pid_entry_read() helpers

2014-05-26 Thread Djalal Harouni
On Mon, May 26, 2014 at 10:59:10AM -0700, Andy Lutomirski wrote: On Mon, May 26, 2014 at 10:41 AM, Djalal Harouni tix...@opendz.org wrote: On Mon, May 26, 2014 at 10:01:20AM -0700, Andy Lutomirski wrote: On Mon, May 26, 2014 at 6:27 AM, Djalal Harouni tix...@opendz.org wrote: This patch

Re: [PATCH 3/9] procfs: add proc_read_from_buffer() and pid_entry_read() helpers

2014-05-26 Thread Djalal Harouni
On Mon, May 26, 2014 at 07:21:54PM +0100, Djalal Harouni wrote: On Mon, May 26, 2014 at 10:59:10AM -0700, Andy Lutomirski wrote: On Mon, May 26, 2014 at 10:41 AM, Djalal Harouni tix...@opendz.org wrote: On Mon, May 26, 2014 at 10:01:20AM -0700, Andy Lutomirski wrote: On Mon, May 26, 2014

Re: [PATCH 1/9] procfs: use flags to deny or allow access to /proc/pid/$entry

2014-05-26 Thread Djalal Harouni
On Mon, May 26, 2014 at 11:06:40AM -0700, Andy Lutomirski wrote: On Mon, May 26, 2014 at 10:21 AM, Djalal Harouni tix...@opendz.org wrote: On Mon, May 26, 2014 at 09:57:16AM -0700, Andy Lutomirski wrote: On Mon, May 26, 2014 at 6:27 AM, Djalal Harouni tix...@opendz.org wrote: Add the deny

Re: [PATCH 6/9] procfs: add pid_seq_private struct to handle /proc/pid/{stat|stack}

2014-05-27 Thread Djalal Harouni
On Mon, May 26, 2014 at 10:02:15AM -0700, Andy Lutomirski wrote: On Mon, May 26, 2014 at 6:27 AM, Djalal Harouni tix...@opendz.org wrote: This patch is preparation to handle sensitive ONE entries: /proc/pid/stat /proc/pid/stack These files use sequence iterators and we want to keep

Re: [PATCH 1/9] procfs: use flags to deny or allow access to /proc/pid/$entry

2014-05-27 Thread Djalal Harouni
On Mon, May 26, 2014 at 12:17:48PM -0700, Andy Lutomirski wrote: On Mon, May 26, 2014 at 12:13 PM, Djalal Harouni tix...@opendz.org wrote: On Mon, May 26, 2014 at 11:06:40AM -0700, Andy Lutomirski wrote: On Mon, May 26, 2014 at 10:21 AM, Djalal Harouni tix...@opendz.org wrote: I would like

Re: [PATCH 1/9] procfs: use flags to deny or allow access to /proc/pid/$entry

2014-05-28 Thread Djalal Harouni
On Tue, May 27, 2014 at 11:38:54AM -0700, Kees Cook wrote: On Mon, May 26, 2014 at 6:27 AM, Djalal Harouni tix...@opendz.org wrote: Add the deny or allow flags, so we can perform proper permission checks and set the result accordingly. These flags are needed in case we have to cache

Re: [PATCH 1/9] procfs: use flags to deny or allow access to /proc/pid/$entry

2014-05-28 Thread Djalal Harouni
On Wed, May 28, 2014 at 09:59:54AM -0700, Kees Cook wrote: On Wed, May 28, 2014 at 4:42 AM, Djalal Harouni tix...@opendz.org wrote: On Tue, May 27, 2014 at 11:38:54AM -0700, Kees Cook wrote: On Mon, May 26, 2014 at 6:27 AM, Djalal Harouni tix...@opendz.org wrote: Add the deny or allow

[PATCH 2/2] procfs: make /proc/*/pagemap 0400

2013-12-15 Thread Djalal Harouni
...@chromium.org Signed-off-by: Djalal Harouni tix...@opendz.org --- fs/proc/base.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index e69df4b..081d055 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2616,7 +2616,7 @@ static const struct

[Resend] [PATCH 0/2] procfs: make /proc/*/{stack,syscall,pagemap} 0400

2013-12-15 Thread Djalal Harouni
I'm resending again but _only_ those two patches. At least we have a VFS protection for now. Djalal Harouni (2): procfs: make /proc/*/{stack,syscall,personality} 0400 procfs: make /proc/*/pagemap 0400 fs/proc/base.c | 16 1 file changed, 8 insertions(+), 8 deletions
