[PATCH] ath5k: debugfs: NULL-terminate strings

2013-08-25 Thread Djalal Harouni
Avoid processing garbage data by NULL terminating the strings. Signed-off-by: Djalal Harouni --- Patch compile tested only. drivers/net/wireless/ath/ath5k/debug.c | 24 ++-- 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/drivers/net/wireless/ath/ath5k

[PATCH 1/2] procfs: restore 0400 permissions on /proc/*/{syscall,stack,personality}

2013-08-26 Thread Djalal Harouni
Avoid giving an fd on privileged files for free by switching these files to 0400 mode. This patch restores the old mode which was 0400 Signed-off-by: Djalal Harouni --- fs/proc/base.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/fs/proc/base.c b/fs/proc

[PATCH 2/2] procfs: restore 0400 permissions on /proc/*/pagemap

2013-08-26 Thread Djalal Harouni
Do not give an fd on privileged /proc/*/pagemap files for free. Restore the previous 0400 mode Signed-off-by: Djalal Harouni --- fs/proc/base.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 6b162cd..93a1c89 100644 --- a/fs/proc

Re: [PATCH 1/2] procfs: restore 0400 permissions on /proc/*/{syscall,stack,personality}

2013-08-26 Thread Djalal Harouni
On Mon, Aug 26, 2013 at 09:49:48AM -0700, Eric W. Biederman wrote: > Djalal Harouni writes: > > > Avoid giving an fd on privileged files for free by switching these > > files to 0400 mode. > > This seems to be a revert of Al's patch in March of 2011 based on broke

Re: [PATCH 1/2] procfs: restore 0400 permissions on /proc/*/{syscall,stack,personality}

2013-08-27 Thread Djalal Harouni
o why not restore the old behaviour and block a process from getting an fd on /proc/*/stack files that belong to other processes? The original thread that added the /proc/*/stack feature: https://lkml.org/lkml/2008/11/7/109 They noted that it should be under 0400 permissions So why remov

Re: [PATCH 1/2] procfs: restore 0400 permissions on /proc/*/{syscall,stack,personality}

2013-08-28 Thread Djalal Harouni
Cc'ed more people, On Tue, Aug 27, 2013 at 06:24:06PM +0100, Djalal Harouni wrote: > Hi Al, > > On Mon, Aug 26, 2013 at 06:20:55PM +0100, Al Viro wrote: > > On Mon, Aug 26, 2013 at 09:49:48AM -0700, Eric W. Biederman wrote: > > > > > How does changing the per

Re: [PATCH 1/2] procfs: restore 0400 permissions on /proc/*/{syscall,stack,personality}

2013-08-28 Thread Djalal Harouni
On Wed, Aug 28, 2013 at 01:49:06PM -0700, Kees Cook wrote: > On Wed, Aug 28, 2013 at 1:11 PM, Djalal Harouni wrote: [...] > >> 2) > >> The commit log says also: > >> "if you open a file before the target does suid-root exec, you'll be still > >> a

Re: [PATCH 1/2] procfs: restore 0400 permissions on /proc/*/{syscall,stack,personality}

2013-08-29 Thread Djalal Harouni
hey are correct. Perhaps you didn't take a closer look Thanks Eric -- Djalal Harouni http://opendz.org -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

[PATCH v2 0/9] procfs: protect /proc//* files with file->f_cred

2013-10-01 Thread Djalal Harouni
s task [PATCH v2 3/9] procfs: Document the proposed solution to protect procfs entries - Patchset cleaned Version 1 was discussed here: https://lkml.org/lkml/2013/9/25/459 The following series tries to implement what I describe. Djalal Harouni (9): procfs: add proc_same_open_cred() to check

[PATCH v2 1/9] procfs: add proc_same_open_cred() to check if the cred have changed

2013-10-01 Thread Djalal Harouni
changed which means that perhaps we have gained or lost the privileges of processing the /proc file descriptor. So add proc_same_open_cred() to check if the cred have changed. Cc: Kees Cook Suggested-by: Eric W. Biederman Signed-off-by: Djalal Harouni --- fs/proc/base.c | 29

[PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-01 Thread Djalal Harouni
c entries. This function should be used with the ptrace_may_access() check. Cc: Kees Cook Suggested-by: Eric W. Biederman Signed-off-by: Djalal Harouni --- fs/proc/base.c | 56 ++ fs/proc/internal.h | 2 ++ 2 files changed, 58 insertion

[PATCH v2 3/9] procfs: Document the proposed solution to protect procfs entries

2013-10-01 Thread Djalal Harouni
Note the proposed solution to protect sensitive procfs entries as code comment. Cc: Kees Cook Suggested-by: Eric W. Biederman Signed-off-by: Djalal Harouni --- fs/proc/base.c | 11 +++ 1 file changed, 11 insertions(+) diff --git a/fs/proc/base.c b/fs/proc/base.c index c29eeae

[PATCH v2 4/9] procfs: make /proc/*/{stack,syscall} 0400

2013-10-01 Thread Djalal Harouni
ptrace checks. Cc: Eric W. Biederman Acked-by: Kees Cook Signed-off-by: Djalal Harouni --- fs/proc/base.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 8d21316..54e926a 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2682,7

[PATCH v2 5/9] procfs: make /proc entries that use seq files able to access file->f_cred

2013-10-01 Thread Djalal Harouni
single_open() so it will be stored in seq_file->private in seq_open(). This way these entries are able to continue to use seq files, and access the file->f_cred easily. This is also a preparation for the following patches which will check the corresponding file->f_cred. Signed-off-

[PATCH v2 6/9] procfs: add permission checks on the file's opener of /proc/*/stat

2013-10-01 Thread Djalal Harouni
data. The patch also adds a previously missing signal->cred_guard_mutex lock. This patch does not break userspace since it only hides the fields that were supposed to be protected. Cc: Kees Cook Cc: Eric W. Biederman Signed-off-by: Djalal Harouni --- fs/proc/array.c | 16 ++--

[PATCH v2 7/9] procfs: add permission checks on the file's opener of /proc/*/personality

2013-10-01 Thread Djalal Harouni
If current's cred have changed between ->open() and ->read(), then call proc_allow_access() to check if the original file's opener had enough permissions to access the /proc/*/personality entry during ->read(). Cc: Kees Cook Cc: Eric W. Biederman Signed-off-by: Djalal Ha

[PATCH v2 8/9] procfs: improve permission checks on /proc/*/stack

2013-10-01 Thread Djalal Harouni
t the stack trace of a task. Cc: Kees Cook Cc: Eric W. Biederman Signed-off-by: Djalal Harouni --- fs/proc/base.c | 87 ++ 1 file changed, 75 insertions(+), 12 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 77f5b84..b80588a

[PATCH v2 9/9] procfs: improve permission checks on /proc/*/syscall

2013-10-01 Thread Djalal Harouni
unction which is used to get the syscall entries of the task. Cc: Kees Cook Cc: Eric W. Biederman Signed-off-by: Djalal Harouni --- fs/proc/base.c | 93 -- 1 file changed, 84 insertions(+), 9 deletions(-) diff --git a/fs/proc/base.c b/fs/p

Re: [PATCH v2 0/9] procfs: protect /proc//* files with file->f_cred

2013-10-02 Thread Djalal Harouni
On Tue, Oct 01, 2013 at 06:40:41PM -0700, Andy Lutomirski wrote: > On 10/01/2013 01:26 PM, Djalal Harouni wrote: > > /proc//* entries varies at runtime, appropriate permission checks > > need to happen during each system call. > > > > Currently some of these sensiti

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-02 Thread Djalal Harouni
On Tue, Oct 01, 2013 at 06:36:34PM -0700, Andy Lutomirski wrote: > On 10/01/2013 01:26 PM, Djalal Harouni wrote: > > Since /proc entries vary at runtime, permission checks need to happen > > during each system call. > > > > However even with that /proc file descript

Re: [PATCH v2 6/9] procfs: add permission checks on the file's opener of /proc/*/stat

2013-10-02 Thread Djalal Harouni
On Tue, Oct 01, 2013 at 06:39:00PM -0700, Andy Lutomirski wrote: > On 10/01/2013 01:26 PM, Djalal Harouni wrote: > > Some fields of the /proc/*/stat are sensitive fields that need > > appropriate protection. > > > > However, /proc file descriptors can be passed to a

Re: [PATCH v2 0/9] procfs: protect /proc//* files with file->f_cred

2013-10-02 Thread Djalal Harouni
On Wed, Oct 02, 2013 at 05:51:15PM +0100, Andy Lutomirski wrote: > On Wed, Oct 2, 2013 at 3:37 PM, Djalal Harouni wrote: > > On Tue, Oct 01, 2013 at 06:40:41PM -0700, Andy Lutomirski wrote: > >> On 10/01/2013 01:26 PM, Djalal Harouni wrote: > >> > /proc//* entries

Re: [PATCH v2 0/9] procfs: protect /proc//* files with file->f_cred

2013-10-02 Thread Djalal Harouni
On Wed, Oct 02, 2013 at 10:48:55AM -0700, Kees Cook wrote: > On Wed, Oct 2, 2013 at 9:51 AM, Andy Lutomirski wrote: > > On Wed, Oct 2, 2013 at 3:37 PM, Djalal Harouni wrote: > >> On Tue, Oct 01, 2013 at 06:40:41PM -0700, Andy Lutomirski wrote: > >>> On 10/01/2013

Re: [PATCH v2 0/9] procfs: protect /proc//* files with file->f_cred

2013-10-02 Thread Djalal Harouni
On Wed, Oct 02, 2013 at 11:00:26AM -0700, Andy Lutomirski wrote: > On Wed, Oct 2, 2013 at 10:48 AM, Kees Cook wrote: > > On Wed, Oct 2, 2013 at 9:51 AM, Andy Lutomirski wrote: > >> On Wed, Oct 2, 2013 at 3:37 PM, Djalal Harouni wrote: > >>> On Tue, Oct 01,

Re: [PATCH v2 0/9] procfs: protect /proc//* files with file->f_cred

2013-10-02 Thread Djalal Harouni
On Wed, Oct 02, 2013 at 07:26:43PM +0100, Djalal Harouni wrote: > On Wed, Oct 02, 2013 at 11:00:26AM -0700, Andy Lutomirski wrote: > > On Wed, Oct 2, 2013 at 10:48 AM, Kees Cook wrote: > > > I think revoking the fd would be great. Does that mechanism exist? > > > >

Re: [PATCH v2 0/9] procfs: protect /proc//* files with file->f_cred

2013-10-02 Thread Djalal Harouni
On Wed, Oct 02, 2013 at 11:35:45AM -0700, Kees Cook wrote: > On Wed, Oct 2, 2013 at 11:22 AM, Djalal Harouni wrote: > > On Wed, Oct 02, 2013 at 10:48:55AM -0700, Kees Cook wrote: > >> On Wed, Oct 2, 2013 at 9:51 AM, Andy Lutomirski > >> wrote: > >> >

Re: [PATCH v2 6/9] procfs: add permission checks on the file's opener of /proc/*/stat

2013-10-02 Thread Djalal Harouni
On Wed, Oct 02, 2013 at 05:46:19PM +0100, Andy Lutomirski wrote: > On Wed, Oct 2, 2013 at 4:14 PM, Djalal Harouni wrote: > > On Tue, Oct 01, 2013 at 06:39:00PM -0700, Andy Lutomirski wrote: > >> On 10/01/2013 01:26 PM, Djalal Harouni wrote: > >> > Some fields of

Re: [PATCH v2 0/9] procfs: protect /proc//* files with file->f_cred

2013-10-03 Thread Djalal Harouni
On Thu, Oct 03, 2013 at 08:12:44AM +0200, Ingo Molnar wrote: > > * Djalal Harouni wrote: > > > > Regardless, glibc uses /proc/self/maps, which would be fine here, right? > > > > I did not touch /proc/self/maps and others, but I'm planning to fix the

Re: [PATCH v2 0/9] procfs: protect /proc//* files with file->f_cred

2013-10-03 Thread Djalal Harouni
On Thu, Oct 03, 2013 at 08:22:56AM +0200, Ingo Molnar wrote: > > * Djalal Harouni wrote: > > > * You can't do it for /proc/*/stat otherwise you will break userspace > > "ps"..., ps must access /proc/1/stat etc... so the proposed solution > > w

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-03 Thread Djalal Harouni
On Wed, Oct 02, 2013 at 05:44:17PM +0100, Andy Lutomirski wrote: > On Wed, Oct 2, 2013 at 3:55 PM, Djalal Harouni wrote: > > On Tue, Oct 01, 2013 at 06:36:34PM -0700, Andy Lutomirski wrote: > >> On 10/01/2013 01:26 PM, Djalal Harouni wrote: > >> > Since /proc entries

Re: [PATCH v2 0/9] procfs: protect /proc//* files with file->f_cred

2013-10-03 Thread Djalal Harouni
On Thu, Oct 03, 2013 at 04:15:43PM +0100, Andy Lutomirski wrote: > On Thu, Oct 3, 2013 at 1:29 PM, Djalal Harouni wrote: > > On Thu, Oct 03, 2013 at 08:12:44AM +0200, Ingo Molnar wrote: > >> Now procfs might be special, as by its nature of a pseudofilesystem it's > >

Re: [PATCH v2 0/9] procfs: protect /proc//* files with file->f_cred

2013-10-03 Thread Djalal Harouni
(Andy sorry for the delay, real life...) On Thu, Oct 03, 2013 at 04:50:54PM +0100, Andy Lutomirski wrote: > On Thu, Oct 3, 2013 at 4:40 PM, Djalal Harouni wrote: > > On Thu, Oct 03, 2013 at 04:15:43PM +0100, Andy Lutomirski wrote: > >> On Thu, Oct 3, 2013 at 1:29 PM, Dja

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-03 Thread Djalal Harouni
On Thu, Oct 03, 2013 at 04:12:37PM +0100, Andy Lutomirski wrote: > On Thu, Oct 3, 2013 at 3:36 PM, Djalal Harouni wrote: > > On Wed, Oct 02, 2013 at 05:44:17PM +0100, Andy Lutomirski wrote: > >> On Wed, Oct 2, 2013 at 3:55 PM, Djalal Harouni wrote: > >> > On Tue, Oc

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-03 Thread Djalal Harouni
On Thu, Oct 03, 2013 at 12:37:49PM -0700, Andy Lutomirski wrote: > On Thu, Oct 3, 2013 at 12:29 PM, Djalal Harouni wrote: > > On Thu, Oct 03, 2013 at 04:12:37PM +0100, Andy Lutomirski wrote: > >> On Thu, Oct 3, 2013 at 3:36 PM, Djalal Harouni wrote: > >> > On W

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-04 Thread Djalal Harouni
On Thu, Oct 03, 2013 at 02:09:55PM -0700, Andy Lutomirski wrote: > On Thu, Oct 3, 2013 at 1:13 PM, Djalal Harouni wrote: > > On Thu, Oct 03, 2013 at 12:37:49PM -0700, Andy Lutomirski wrote: > >> On Thu, Oct 3, 2013 at 12:29 PM, Djalal Harouni wrote: > >> > On T

Re: [PATCH v2 0/9] procfs: protect /proc//* files with file->f_cred

2013-10-04 Thread Djalal Harouni
d file_ns_capable() is that proc_allow_access() will check if it's absolutely the same user, otherwise fallback to security_capable() which is the heart of file_ns_capable() So it's already been done and proposed! this is an easy solution to detect if current's cred have changed.

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-04 Thread Djalal Harouni
On Fri, Oct 04, 2013 at 04:40:01PM +0100, Andy Lutomirski wrote: > On Fri, Oct 4, 2013 at 9:59 AM, Djalal Harouni wrote: > > On Thu, Oct 03, 2013 at 02:09:55PM -0700, Andy Lutomirski wrote: > >> On Thu, Oct 3, 2013 at 1:13 PM, Djalal Harouni wrote: > >> > On Thu, Oc

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-04 Thread Djalal Harouni
On Fri, Oct 04, 2013 at 07:34:08PM +0100, Andy Lutomirski wrote: > On Fri, Oct 4, 2013 at 7:23 PM, Djalal Harouni wrote: > > On Fri, Oct 04, 2013 at 04:40:01PM +0100, Andy Lutomirski wrote: > >> On Fri, Oct 4, 2013 at 9:59 AM, Djalal Harouni wrote: > >> > On Thu, Oc

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-04 Thread Djalal Harouni
On Fri, Oct 04, 2013 at 12:16:26PM -0700, Andy Lutomirski wrote: > On Fri, Oct 4, 2013 at 12:11 PM, Djalal Harouni wrote: > > On Fri, Oct 04, 2013 at 07:34:08PM +0100, Andy Lutomirski wrote: > >> On Fri, Oct 4, 2013 at 7:23 PM, Djalal Harouni wrote: > >> > On F

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-04 Thread Djalal Harouni
On Fri, Oct 04, 2013 at 12:32:09PM -0700, Andy Lutomirski wrote: > On Fri, Oct 4, 2013 at 12:27 PM, Djalal Harouni wrote: > > On Fri, Oct 04, 2013 at 12:16:26PM -0700, Andy Lutomirski wrote: > >> On Fri, Oct 4, 2013 at 12:11 PM, Djalal Harouni wrote: > >> > On F

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-05 Thread Djalal Harouni
On Fri, Oct 04, 2013 at 03:17:08PM -0700, Andy Lutomirski wrote: > On Fri, Oct 4, 2013 at 12:41 PM, Djalal Harouni wrote: > > On Fri, Oct 04, 2013 at 12:32:09PM -0700, Andy Lutomirski wrote: > >> On Fri, Oct 4, 2013 at 12:27 PM, Djalal Harouni wrote: > >> > On F

Re: [PATCH 1/2] procfs: restore 0400 permissions on /proc/*/{syscall,stack,personality}

2013-09-11 Thread Djalal Harouni
Hi Eric, (Sorry for the delay, please see below) On Sat, Aug 31, 2013 at 06:44:39PM -0700, Eric W. Biederman wrote: > Djalal Harouni writes: [...] > > Yes Kees, > > > > I did try a year ago to adapt the exec_id from grsecurity and failed > > (and failed again to re

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-09 Thread Djalal Harouni
On Fri, Oct 04, 2013 at 05:35:22PM -0700, Eric W. Biederman wrote: > Andy Lutomirski writes: > > > On Fri, Oct 4, 2013 at 3:55 PM, Eric W. Biederman > > wrote: > >> Andy Lutomirski writes: > >> > >>> On Fri, Oct 4, 2013 at 12:41 PM, Djalal Haro

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-09 Thread Djalal Harouni
On Mon, Oct 07, 2013 at 02:41:33PM -0700, Andy Lutomirski wrote: > On Sat, Oct 5, 2013 at 6:23 AM, Djalal Harouni wrote: > > On Fri, Oct 04, 2013 at 03:17:08PM -0700, Andy Lutomirski wrote: > >> > >> Exactly. Hence the NAK. > > But Having two LSM Hooks there i

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-09 Thread Djalal Harouni
On Wed, Oct 09, 2013 at 11:54:02AM +0100, Djalal Harouni wrote: > On Mon, Oct 07, 2013 at 02:41:33PM -0700, Andy Lutomirski wrote: > > On Sat, Oct 5, 2013 at 6:23 AM, Djalal Harouni wrote: > > > On Fri, Oct 04, 2013 at 03:17:08PM -0700, Andy Lutomirski wrote: > > >>

Re: [PATCH 1/2] procfs: restore 0400 permissions on /proc/*/{syscall,stack,personality}

2013-08-31 Thread Djalal Harouni
(Sorry for my late response) On Thu, Aug 29, 2013 at 03:14:32PM -0700, Kees Cook wrote: > On Thu, Aug 29, 2013 at 2:11 AM, Djalal Harouni wrote: > > Hi Eric, > > > > On Wed, Aug 28, 2013 at 05:26:56PM -0700, Eric W. Biederman wrote: > >> > >> I have take

Re: [PATCH 04/12] seq_file: Make seq_file able to access the file's opener cred

2013-09-27 Thread Djalal Harouni
On Wed, Sep 25, 2013 at 05:22:51PM -0700, Linus Torvalds wrote: > On Wed, Sep 25, 2013 at 1:14 PM, Djalal Harouni wrote: > > > > Therefore add the f_cred field to the seq_file struct and a helper > > seq_f_cred() to return it. > > I hate how you've split up t

Re: [PATCH 04/12] seq_file: Make seq_file able to access the file's opener cred

2013-09-27 Thread Djalal Harouni
On Thu, Sep 26, 2013 at 04:02:54AM +0100, Al Viro wrote: > On Wed, Sep 25, 2013 at 05:22:51PM -0700, Linus Torvalds wrote: > > On Wed, Sep 25, 2013 at 1:14 PM, Djalal Harouni wrote: > > > > > > Therefore add the f_cred field to the seq_file struct and a helper >

Re: [PATCH 06/12] procfs: make /proc/*/stack 0400

2013-09-28 Thread Djalal Harouni
On Thu, Sep 26, 2013 at 03:43:24PM -0500, Kees Cook wrote: > On Wed, Sep 25, 2013 at 3:14 PM, Djalal Harouni wrote: > > The /proc/*/stack contains sensitive information and currently its mode > > is 0444. Change this to 0400 so the VFS will be able to block > > unprivileged

Re: [PATCH 04/12] seq_file: Make seq_file able to access the file's opener cred

2013-09-28 Thread Djalal Harouni
On Thu, Sep 26, 2013 at 04:02:54AM +0100, Al Viro wrote: > On Wed, Sep 25, 2013 at 05:22:51PM -0700, Linus Torvalds wrote: > > On Wed, Sep 25, 2013 at 1:14 PM, Djalal Harouni wrote: > > > > > > Therefore add the f_cred field to the seq_file struct and a helper >

Re: [PATCH 06/12] procfs: make /proc/*/stack 0400

2013-09-29 Thread Djalal Harouni
On Thu, Sep 26, 2013 at 03:43:24PM -0500, Kees Cook wrote: > On Wed, Sep 25, 2013 at 3:14 PM, Djalal Harouni wrote: > > The /proc/*/stack contains sensitive information and currently its mode > > is 0444. Change this to 0400 so the VFS will be able to block > > unprivileged

[PATCH 0/12] procfs: protect /proc//* files with file->f_cred

2013-09-25 Thread Djalal Harouni
ecks on /proc/*/syscall 8) Finally the last patch is user_ns and seq_file cleaning. Thanks! [1] https://lkml.org/lkml/2013/8/26/354 [2] https://lkml.org/lkml/2013/8/31/209 Djalal Harouni (12): procfs: add proc_same_open_cred() to check if the cred have changed procfs: add proc_allow_access() t

[PATCH 01/12] procfs: add proc_same_open_cred() to check if the cred have changed

2013-09-25 Thread Djalal Harouni
changed which means that perhaps we have gained or lost the privileges of processing the /proc file descriptor. So add proc_same_open_cred() to check if the cred have changed. Cc: Kees Cook Cc: Eric W. Biederman Signed-off-by: Djalal Harouni --- fs/proc/base.c | 29

[PATCH 02/12] procfs: add proc_allow_access() to check if file's opener may access task

2013-09-25 Thread Djalal Harouni
c entries. This function should be used with the ptrace_may_access() check. Cc: Kees Cook Cc: Eric W. Biederman Signed-off-by: Djalal Harouni --- fs/proc/base.c | 56 ++ fs/proc/internal.h | 2 ++ 2 files changed, 58 insertions(+) diff

[PATCH 03/12] procfs: Document the proposed solution to protect procfs entries

2013-09-25 Thread Djalal Harouni
Note the proposed solution to protect sensitive procfs entries as code comment. Cc: Kees Cook Cc: Eric W. Biederman Signed-off-by: Djalal Harouni --- fs/proc/base.c | 11 +++ 1 file changed, 11 insertions(+) diff --git a/fs/proc/base.c b/fs/proc/base.c index c29eeae..8d21316 100644

[PATCH 04/12] seq_file: Make seq_file able to access the file's opener cred

2013-09-25 Thread Djalal Harouni
a helper seq_f_cred() to return it. Cc: Kees Cook Cc: Eric W. Biederman Signed-off-by: Djalal Harouni --- include/linux/seq_file.h | 7 +++ 1 file changed, 7 insertions(+) diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h index 4e32edc..ec07709 100644 --- a/include/linux/seq_file

[PATCH 05/12] seq_file: set the seq_file->f_cred during seq_open()

2013-09-25 Thread Djalal Harouni
each system call. Set the seq_file->f_cred to file->f_cred during seq_open(). Cc: Kees Cook Cc: Eric W. Biederman Signed-off-by: Djalal Harouni --- fs/seq_file.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/seq_file.c b/fs/seq_file.c index 3135c25..a5e5b98 100644 --- a/fs/seq_file

[PATCH 06/12] procfs: make /proc/*/stack 0400

2013-09-25 Thread Djalal Harouni
Eric W. Biederman Signed-off-by: Djalal Harouni --- fs/proc/base.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 8d21316..bb90171 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2710,7 +2710,7 @@ static const struct pid

[PATCH 07/12] procfs: add permission checks on the file's opener of /proc/*/stack

2013-09-25 Thread Djalal Harouni
(e.g. a suid-exec). Cc: Kees Cook Cc: Eric W. Biederman Signed-off-by: Djalal Harouni --- fs/proc/base.c | 26 +++--- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index bb90171..d6a17b3 100644 --- a/fs/proc/base.c +++ b

[PATCH 08/12] procfs: add permission checks on the file's opener of /proc/*/personality

2013-09-25 Thread Djalal Harouni
If current's cred have changed between ->open() and ->read(), then call proc_allow_access() to check if the original file's opener had enough permissions to access the /proc/*/personality entry during ->read(). Cc: Kees Cook Cc: Eric W. Biederman Signed-off-by: Djalal Ha

[PATCH 09/12] procfs: add permission checks on the file's opener of /proc/*/stat

2013-09-25 Thread Djalal Harouni
pener had enough permissions to read these sensitive fields. The patch also adds a previously missing signal->cred_guard_mutex lock. This patch does not break userspace since it only hides the fields that were supposed to be protected. Cc: Kees Cook Cc: Eric W. Biederman Signed-off-by: Djalal Ha

[PATCH 10/12] procfs: move PROC_BLOCK_SIZE declaration up to make it visible

2013-09-25 Thread Djalal Harouni
Move PROC_BLOCK_SIZE declaration up, so new code can use it. Signed-off-by: Djalal Harouni --- fs/proc/base.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index ed8e3f7..fe02ee4 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -150,6

[PATCH 11/12] procfs: improve permission checks on /proc/*/syscall

2013-09-25 Thread Djalal Harouni
t the syscall entries of the task. This patch also makes /proc/*/syscall 0400 so that the VFS will block any unprivileged access right away. Cc: Kees Cook Cc: Eric W. Biederman Signed-off-by: Djalal Harouni --- fs/proc/base.c | 87 +

[PATCH 12/12] user_ns: seq_file: use the user_ns that is embedded in the f_cred struct

2013-09-25 Thread Djalal Harouni
ed-off-by: Djalal Harouni --- fs/seq_file.c| 3 --- include/linux/seq_file.h | 6 ++ 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/fs/seq_file.c b/fs/seq_file.c index a5e5b98..ee1c36d 100644 --- a/fs/seq_file.c +++ b/fs/seq_file.c @@ -58,9 +58,6 @@ int seq_open(st

Re: [PATCH 5/6] kthread: avoid parsing names as format strings

2013-06-12 Thread Djalal Harouni
thd_name); > > if (IS_ERR(dd->mtip_svc_handler)) { > dev_err(&dd->pdev->dev, "service thread failed to start\n"); Thanks! -- Djalal Harouni http://opendz.org

Re: [PATCH 1/2] Input: cyttsp - fix memcpy size param

2013-06-17 Thread Djalal Harouni
cmd); > -- > 1.7.9.5 I was going to send a patch and found that it was just fixed in today's next-20130617 Anyway, will this overflow fix go for the next -rc? Thanks in advance Dmitry! -- Djalal Harouni http://opendz.org

[PATCH] Btrfs: do not ignore errors when truncating the free space cache inode

2013-06-18 Thread Djalal Harouni
btrfs_check_trunc_cache_free_space() tries to check if there is enough space for cache inode truncation but it fails. Currently this function always returns success even if there is not enough space. Fix this by returning the -ENOSPC error code. Signed-off-by: Djalal Harouni --- Totally untested

[PATCH v2] iwlwifi: mvm: make debugfs write() operations write up to count bytes

2013-08-24 Thread Djalal Harouni
-off-by: Djalal Harouni Cc: "Berg, Johannes" --- Patch compile tested only. v2 Clean patch and use min_t() as noted by Berg Johannes drivers/net/wireless/iwlwifi/mvm/debugfs.c | 12 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/net/wireless/iwlwifi/mvm

[PATCH] iwlwifi: mvm: make debugfs write() operations write up to count bytes

2013-08-11 Thread Djalal Harouni
initializer from 'char buf[x] = {}' to the explicit memset() as it is done in other places of the same file. Cc: sta...@vger.kernel.org Signed-off-by: Djalal Harouni --- Patch compile tested only. Dual BSD/GPLv2 license: Ok drivers/net/wireless/iwlwifi/mvm/debu

Re: [PATCH] iwlwifi: mvm: make debugfs write() operations write up to count bytes

2013-08-12 Thread Djalal Harouni
es > -- > > Intel GmbH > Dornacher Strasse 1 > 85622 Feldkirchen/Muenchen, Deutschland > Sitz der Gesellschaft: Feldkirchen bei Muenchen > Geschaeftsfuehrer: Christian Lamprechter, Hannes Schwaderer, Douglas Lusk > Registergericht: Muenchen HRB 47456 > Ust.-IdNr./VAT

[PATCH] proc: do not allow negative offsets on /proc//environ

2012-07-22 Thread Djalal Harouni
ot a security issue, but we should not be able to abuse it. Signed-off-by: Djalal Harouni --- New kernels include mm->env_start in /proc//stat To dump .text area: lseek() to 0x0040 - mm->env_start fs/proc/base.c |9 ++--- 1 files changed, 6 insertions(+), 3 deletions(-) diff --git

Re: [PATCH] proc: do not allow negative offsets on /proc//environ

2012-07-22 Thread Djalal Harouni
Hi Oleg, On Sun, Jul 22, 2012 at 10:00:49PM +0200, Oleg Nesterov wrote: > On 07/22, Djalal Harouni wrote: > > > > __mem_open() which is called by both /proc//environ and > > /proc//mem ->open() handlers will allow the use of negative offsets. > > /proc//mem has

Re: [PATCH] proc: do not allow negative offsets on /proc//environ

2012-07-23 Thread Djalal Harouni
On Mon, Jul 23, 2012 at 05:49:27PM +0200, Oleg Nesterov wrote: > Hi Djalal, > > On 07/23, Djalal Harouni wrote: > > > > Hi Oleg, > > > > On Sun, Jul 22, 2012 at 10:00:49PM +0200, Oleg Nesterov wrote: > > > > > > Probably the patc

[PATCH v2 0/2] proc: /proc//environ offset fixes

2012-07-24 Thread Djalal Harouni
ve the current 'mm' for next operations. Djalal Harouni (2): proc: environ_read() make sure offset points to environment address range proc: do not allow negative offsets on /proc//environ fs/proc/base.c | 22 +- 1 files changed, 13 insertions(+), 9 deletions(-) V

[PATCH v2 1/2] proc: environ_read() make sure offset points to environment address range

2012-07-24 Thread Djalal Harouni
ue and we can not depend on it. For kernels that have commit b409e578d9a4ec95913e06d8f which adds the appropriate ptrace check and saves the 'mm' at ->open() time, this is not a security issue. This patch is taken from the grsecurity patch since it was just made available. Cc: Oleg Nesterov Cc

[PATCH v2 2/2] proc: do not allow negative offsets on /proc//environ

2012-07-24 Thread Djalal Harouni
only on /proc//mem. Cc: Oleg Nesterov Signed-off-by: Djalal Harouni --- fs/proc/base.c |9 ++--- 1 files changed, 6 insertions(+), 3 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 39ee093..1b6c84c 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -695,8 +695,6

Re: [GIT PULL] kdbus for 4.1-rc1

2015-04-16 Thread Djalal Harouni
icy(7). The concept of a name policy originates from dbus1 [1], however we simplified it substantially, removing features which we believe rather belong into userspace. [1] http://dbus.freedesktop.org/doc/dbus-daemon.1.html -- Djalal Harouni http://opendz.org

Re: Sharing credentials in general (Re: [GIT PULL] kdbus for 4.1-rc1)

2015-04-27 Thread Djalal Harouni
el, what if a suid program takes some input, constructs objects/structs based on that, and makes a direct syscall or one through a library into another part of the kernel ? I don't see why it is a problem for kdbus since this supposed problem can affect every major part of the kernel.

Re: [PATCH 0/3] kdbus: minor readability improvements

2015-06-17 Thread Djalal Harouni
e if statements in kdbus_conn_disconnect() Thanks for the patches! all good. > ipc/kdbus/connection.c | 15 +++ > ipc/kdbus/reply.c | 22 +- > 2 files changed, 16 insertions(+), 21 deletions(-) > > -- > 1.8.3.1 > -- Djalal Harouni h

Re: [PATCH 0/3] kdbus: minor readability improvements

2015-06-17 Thread Djalal Harouni
e if statements in kdbus_conn_disconnect() All three patches: Reviewed-by: Djalal Harouni Thanks! > ipc/kdbus/connection.c | 15 +++ > ipc/kdbus/reply.c | 22 +- > 2 files changed, 16 insertions(+), 21 deletions(-) > > -- > 1.8.3.1 > --

Re: [PATCH] kdbus: Delete an unnecessary check before the function call "kdbus_domain_unref"

2015-06-24 Thread Djalal Harouni
t; > static int fs_super_set(struct super_block *sb, void *data) > -- > 2.4.4 > Reviewed-by: Djalal Harouni -- Djalal Harouni http://opendz.org

Re: [GIT PULL] kdbus cleanups for 4.2

2015-06-03 Thread Djalal Harouni
st.h| 2 - > tools/testing/selftests/kdbus/test-attach-flags.c | 750 > -- > tools/testing/selftests/kdbus/test-connection.c | 34 +- > tools/testing/selftests/kdbus/test-endpoint.c | 13 +- > 24 files changed, 347 insertions(+), 1079 deletio

Re: [GIT PULL] kdbus cleanups for 4.2

2015-06-03 Thread Djalal Harouni
On Thu, Jun 04, 2015 at 05:45:11AM +0900, Greg Kroah-Hartman wrote: > On Wed, Jun 03, 2015 at 09:28:56PM +0100, Djalal Harouni wrote: > > > > I also have a question is someone of you guys planning to submit a talk > > to future Linux events about kdbus and sdbus ? I ha

Re: [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task

2013-10-13 Thread Djalal Harouni
On Wed, Oct 09, 2013 at 06:27:22PM +0100, Andy Lutomirski wrote: > On Wed, Oct 9, 2013 at 11:54 AM, Djalal Harouni wrote: > > On Mon, Oct 07, 2013 at 02:41:33PM -0700, Andy Lutomirski wrote: > >> On Sat, Oct 5, 2013 at 6:23 AM, Djalal Harouni wrote: > >> > On F

Re: [PATCH v3a] vsprintf: Check real user/group id for %pK

2013-10-14 Thread Djalal Harouni
should fail. If this will break userspace then allow open() and cache result for read() Can you emulate the behaviour of kptr_restrict=1 ? If so: 1) perform check during open() and cache data 2) during read() check kptr_restrict==1 check the cached value and if opener had CAP_SYSLOG if so:

Re: [PATCH v3a] vsprintf: Check real user/group id for %pK

2013-10-14 Thread Djalal Harouni
On Mon, Oct 14, 2013 at 11:17:06AM +0100, Djalal Harouni wrote: > On Fri, Oct 11, 2013 at 02:19:14PM +1100, Ryan Mallon wrote: > > On 11/10/13 13:20, Eric W. Biederman wrote: > > > Joe Perches writes: > > > > > >> Some setuid binaries will allow reading of

[PATCH 2/2] procfs: make /proc/*/pagemap 0400

2013-12-15 Thread Djalal Harouni
The /proc/*/pagemap contain sensitive information and currently its mode is 0444. Change this to 0400, so the VFS will prevent unprivileged processes from getting file descriptors on arbitrary privileged /proc/*/pagemap files. Cc: Eric W. Biederman Cc: Kees Cook Signed-off-by: Djalal Harouni

[Resend] [PATCH 0/2] procfs: make /proc/*/{stack,syscall,pagemap} 0400

2013-12-15 Thread Djalal Harouni
eneral agreement, so I'm resending again but _only_ those two patches. At least we have a VFS protection for now. Djalal Harouni (2): procfs: make /proc/*/{stack,syscall,personality} 0400 procfs: make /proc/*/pagemap 0400 fs/proc/base.c | 16 1 file changed, 8 inser

[PATCH 1/2] procfs: make /proc/*/{stack,syscall,personality} 0400

2013-12-15 Thread Djalal Harouni
Cook Signed-off-by: Djalal Harouni --- fs/proc/base.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 5150706..e69df4b 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2587,7 +2587,7 @@ static const struct pid_entry

[PATCH v2 1/2] procfs: make /proc/*/pagemap 0400

2014-03-22 Thread Djalal Harouni
protecting already running processes. Cc: Eric W. Biederman Acked-by: Kees Cook Acked-by: Andy Lutomirski Signed-off-by: Djalal Harouni --- fs/proc/base.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index e69df4b..081d055 100644 --- a/fs

[PATCH v2 1/2] procfs: make /proc/*/{stack,syscall,personality} 0400

2014-03-22 Thread Djalal Harouni
and bypasses by protecting already running processes. Cc: Eric W. Biederman Acked-by: Kees Cook Acked-by: Andy Lutomirski Signed-off-by: Djalal Harouni --- fs/proc/base.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index

[PATCH resend - v2 0/2] procfs: make /proc/*/{stack,syscall,pagemap} 0400

2014-03-22 Thread Djalal Harouni
nd came up with another scheme. It will protect *already running* processes, but first I need to get this simple series accepted! Thanks! Djalal Harouni (2): procfs: make /proc/*/{stack,syscall,personality} 0400 procfs: make /proc/*/pagemap 0400 fs/proc/base.c | 16 1 file chan

Re: [PATCH v2 1/2] procfs: make /proc/*/{stack,syscall,personality} 0400

2014-03-25 Thread Djalal Harouni
of things, and I missed that one. So there is the ptrace check that will just block cases where users do _not_ play tricks with the fd. I'll send another v3 with that included. Thanks! -- Djalal Harouni http://opendz.org

Re: [PATCH v2 1/2] procfs: make /proc/*/{stack,syscall,personality} 0400

2014-04-15 Thread Djalal Harouni
On Fri, Mar 28, 2014 at 03:32:31PM -0700, Andrew Morton wrote: > On Sat, 22 Mar 2014 14:37:39 +0100 Djalal Harouni wrote: > > > These procfs files contain sensitive information and currently their > > mode is 0444. Change this to 0400, so the VFS will be able to block > >

[PATCH 4/9] procfs: improve /proc//wchan protection

2014-05-26 Thread Djalal Harouni
off-by: Djalal Harouni --- fs/proc/base.c | 55 +-- 1 file changed, 49 insertions(+), 6 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index efe2a11..ef35544 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -273,21 +273,64 @@ static

[PATCH 5/9] procfs: improve /proc//syscall protection

2014-05-26 Thread Djalal Harouni
Convert syscall from an INF entry to a REG one. This way we can perform and cache the permission checks during ->open(). The ptrace capability is only cached, it will be re-checked during ->read(). If the opener did not have enough privileges then fail. Signed-off-by: Djalal Harouni -

[PATCH 6/9] procfs: add pid_seq_private struct to handle /proc//{stat|stack}

2014-05-26 Thread Djalal Harouni
nge. Signed-off-by: Djalal Harouni --- fs/proc/internal.h | 11 +++ 1 file changed, 11 insertions(+) diff --git a/fs/proc/internal.h b/fs/proc/internal.h index f5c452c..f28e4f01 100644 --- a/fs/proc/internal.h +++ b/fs/proc/internal.h @@ -78,6 +78,17 @@ struct proc_inode { str

[PATCH 7/9] procfs: add pid_entry_show() helper to handle /proc//{stat|stack}

2014-05-26 Thread Djalal Harouni
contains the inode and the cached permission checks. Signed-off-by: Djalal Harouni --- fs/proc/base.c | 21 + fs/proc/internal.h | 3 +++ 2 files changed, 24 insertions(+) diff --git a/fs/proc/base.c b/fs/proc/base.c index f0ce94a..b40345b 100644 --- a/fs/proc/b

[PATCH 8/9] procfs: improve /proc//stat protection

2014-05-26 Thread Djalal Harouni
tive data will notice that fields are zeroed. Signed-off-by: Djalal Harouni --- fs/proc/array.c| 90 ++ fs/proc/base.c | 4 +-- fs/proc/internal.h | 6 ++-- 3 files changed, 88 insertions(+), 12 deletions(-) diff --git a/fs/proc/array.c

[PATCH 9/9] procfs: improve /proc//stack protection

2014-05-26 Thread Djalal Harouni
t have enough privileges then fail. Signed-off-by: Djalal Harouni --- fs/proc/base.c | 59 +- 1 file changed, 54 insertions(+), 5 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index d98ce15..6786878 100644 --- a/fs/proc/base.c ++
