Re: [PATCH] mm: relax ptrace mode in process_vm_readv(2)

2018-03-06 Thread Alexey Dobriyan 
On Mon, Mar 05, 2018 at 04:07:10PM -0800, Andrew Morton wrote:
> On Sat, 3 Mar 2018 23:11:16 +0300 Alexey Dobriyan  wrote:
> 
> > It is more natural to check for read-from-memory permissions in case of
> > process_vm_readv() as PTRACE_MODE_ATTACH is equivalent to write
> > permissions.
> > 
> > ...
> >
> > --- a/mm/process_vm_access.c
> > +++ b/mm/process_vm_access.c
> > @@ -204,7 +204,7 @@ static ssize_t process_vm_rw_core(pid_t pid, struct 
> > iov_iter *iter,
> > goto free_proc_pages;
> > }
> >  
> > -   mm = mm_access(task, PTRACE_MODE_ATTACH_REALCREDS);
> > +   mm = mm_access(task, vm_write ? PTRACE_MODE_ATTACH_REALCREDS : 
> > PTRACE_MODE_READ_REALCREDS);
> > if (!mm || IS_ERR(mm)) {
> > rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
> > /*
> 
> But what is the risk of breaking existing userspace?

Permissions for write/ATTACH should be more strict than for read/READ,
so loosening them should be fine.

Unless LSM does silly things of course.

Re: [PATCH] mm: relax ptrace mode in process_vm_readv(2)

2018-03-06 Thread Alexey Dobriyan 
On Mon, Mar 05, 2018 at 04:07:10PM -0800, Andrew Morton wrote:
> On Sat, 3 Mar 2018 23:11:16 +0300 Alexey Dobriyan  wrote:
> 
> > It is more natural to check for read-from-memory permissions in case of
> > process_vm_readv() as PTRACE_MODE_ATTACH is equivalent to write
> > permissions.
> > 
> > ...
> >
> > --- a/mm/process_vm_access.c
> > +++ b/mm/process_vm_access.c
> > @@ -204,7 +204,7 @@ static ssize_t process_vm_rw_core(pid_t pid, struct 
> > iov_iter *iter,
> > goto free_proc_pages;
> > }
> >  
> > -   mm = mm_access(task, PTRACE_MODE_ATTACH_REALCREDS);
> > +   mm = mm_access(task, vm_write ? PTRACE_MODE_ATTACH_REALCREDS : 
> > PTRACE_MODE_READ_REALCREDS);
> > if (!mm || IS_ERR(mm)) {
> > rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
> > /*
> 
> But what is the risk of breaking existing userspace?

Permissions for write/ATTACH should be more strict than for read/READ,
so loosening them should be fine.

Unless LSM does silly things of course.

Re: [PATCH] mm: relax ptrace mode in process_vm_readv(2)

2018-03-05 Thread Andrew Morton 
On Sat, 3 Mar 2018 23:11:16 +0300 Alexey Dobriyan  wrote:

> It is more natural to check for read-from-memory permissions in case of
> process_vm_readv() as PTRACE_MODE_ATTACH is equivalent to write
> permissions.
> 
> ...
>
> --- a/mm/process_vm_access.c
> +++ b/mm/process_vm_access.c
> @@ -204,7 +204,7 @@ static ssize_t process_vm_rw_core(pid_t pid, struct 
> iov_iter *iter,
>   goto free_proc_pages;
>   }
>  
> - mm = mm_access(task, PTRACE_MODE_ATTACH_REALCREDS);
> + mm = mm_access(task, vm_write ? PTRACE_MODE_ATTACH_REALCREDS : 
> PTRACE_MODE_READ_REALCREDS);
>   if (!mm || IS_ERR(mm)) {
>   rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
>   /*

But what is the risk of breaking existing userspace?

Re: [PATCH] mm: relax ptrace mode in process_vm_readv(2)

2018-03-05 Thread Andrew Morton 
On Sat, 3 Mar 2018 23:11:16 +0300 Alexey Dobriyan  wrote:

> It is more natural to check for read-from-memory permissions in case of
> process_vm_readv() as PTRACE_MODE_ATTACH is equivalent to write
> permissions.
> 
> ...
>
> --- a/mm/process_vm_access.c
> +++ b/mm/process_vm_access.c
> @@ -204,7 +204,7 @@ static ssize_t process_vm_rw_core(pid_t pid, struct 
> iov_iter *iter,
>   goto free_proc_pages;
>   }
>  
> - mm = mm_access(task, PTRACE_MODE_ATTACH_REALCREDS);
> + mm = mm_access(task, vm_write ? PTRACE_MODE_ATTACH_REALCREDS : 
> PTRACE_MODE_READ_REALCREDS);
>   if (!mm || IS_ERR(mm)) {
>   rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
>   /*

But what is the risk of breaking existing userspace?