Re: [PATCH] mm: relax ptrace mode in process_vm_readv(2)
On Mon, Mar 05, 2018 at 04:07:10PM -0800, Andrew Morton wrote: > On Sat, 3 Mar 2018 23:11:16 +0300 Alexey Dobriyanwrote: > > > It is more natural to check for read-from-memory permissions in case of > > process_vm_readv() as PTRACE_MODE_ATTACH is equivalent to write > > permissions. > > > > ... > > > > --- a/mm/process_vm_access.c > > +++ b/mm/process_vm_access.c > > @@ -204,7 +204,7 @@ static ssize_t process_vm_rw_core(pid_t pid, struct > > iov_iter *iter, > > goto free_proc_pages; > > } > > > > - mm = mm_access(task, PTRACE_MODE_ATTACH_REALCREDS); > > + mm = mm_access(task, vm_write ? PTRACE_MODE_ATTACH_REALCREDS : > > PTRACE_MODE_READ_REALCREDS); > > if (!mm || IS_ERR(mm)) { > > rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; > > /* > > But what is the risk of breaking existing userspace? Permissions for write/ATTACH should be more strict than for read/READ, so loosening them should be fine. Unless LSM does silly things of course.
Re: [PATCH] mm: relax ptrace mode in process_vm_readv(2)
On Mon, Mar 05, 2018 at 04:07:10PM -0800, Andrew Morton wrote: > On Sat, 3 Mar 2018 23:11:16 +0300 Alexey Dobriyan wrote: > > > It is more natural to check for read-from-memory permissions in case of > > process_vm_readv() as PTRACE_MODE_ATTACH is equivalent to write > > permissions. > > > > ... > > > > --- a/mm/process_vm_access.c > > +++ b/mm/process_vm_access.c > > @@ -204,7 +204,7 @@ static ssize_t process_vm_rw_core(pid_t pid, struct > > iov_iter *iter, > > goto free_proc_pages; > > } > > > > - mm = mm_access(task, PTRACE_MODE_ATTACH_REALCREDS); > > + mm = mm_access(task, vm_write ? PTRACE_MODE_ATTACH_REALCREDS : > > PTRACE_MODE_READ_REALCREDS); > > if (!mm || IS_ERR(mm)) { > > rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; > > /* > > But what is the risk of breaking existing userspace? Permissions for write/ATTACH should be more strict than for read/READ, so loosening them should be fine. Unless LSM does silly things of course.
Re: [PATCH] mm: relax ptrace mode in process_vm_readv(2)
On Sat, 3 Mar 2018 23:11:16 +0300 Alexey Dobriyanwrote: > It is more natural to check for read-from-memory permissions in case of > process_vm_readv() as PTRACE_MODE_ATTACH is equivalent to write > permissions. > > ... > > --- a/mm/process_vm_access.c > +++ b/mm/process_vm_access.c > @@ -204,7 +204,7 @@ static ssize_t process_vm_rw_core(pid_t pid, struct > iov_iter *iter, > goto free_proc_pages; > } > > - mm = mm_access(task, PTRACE_MODE_ATTACH_REALCREDS); > + mm = mm_access(task, vm_write ? PTRACE_MODE_ATTACH_REALCREDS : > PTRACE_MODE_READ_REALCREDS); > if (!mm || IS_ERR(mm)) { > rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; > /* But what is the risk of breaking existing userspace?
Re: [PATCH] mm: relax ptrace mode in process_vm_readv(2)
On Sat, 3 Mar 2018 23:11:16 +0300 Alexey Dobriyan wrote: > It is more natural to check for read-from-memory permissions in case of > process_vm_readv() as PTRACE_MODE_ATTACH is equivalent to write > permissions. > > ... > > --- a/mm/process_vm_access.c > +++ b/mm/process_vm_access.c > @@ -204,7 +204,7 @@ static ssize_t process_vm_rw_core(pid_t pid, struct > iov_iter *iter, > goto free_proc_pages; > } > > - mm = mm_access(task, PTRACE_MODE_ATTACH_REALCREDS); > + mm = mm_access(task, vm_write ? PTRACE_MODE_ATTACH_REALCREDS : > PTRACE_MODE_READ_REALCREDS); > if (!mm || IS_ERR(mm)) { > rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; > /* But what is the risk of breaking existing userspace?