Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAGXu5j+C-LQT2z+J3jEJYmftt1jOnMujNjKqgy0JFwM7b_FPjQ@mail.gmail.com>
Date: Mon, 21 Nov 2011 10:40:25 -0800
From: Kees Cook <keescook@...omium.org>
To: Solar Designer <solar@...nwall.com>
Cc: kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org, 
	linux-security-module@...r.kernel.org
Subject: Re: [PATCH 3/3] security: Yama: add ptrace relationship tracking interface

On Sat, Nov 19, 2011 at 8:59 AM, Solar Designer <solar@...nwall.com> wrote:
> On Sat, Nov 19, 2011 at 08:30:58PM +0400, Vasiliy Kulikov wrote:
>> On Wed, Oct 26, 2011 at 16:49 -0700, Kees Cook wrote:
>> > +   if (mode == PTRACE_MODE_ATTACH &&
>> > +       ptrace_scope &&
>> > +       !capable(CAP_SYS_PTRACE) &&
>> > +       !task_is_descendant(current, child) &&
>> > +       !ptracer_exception_found(current, child))
>> > +           rc = -EPERM;
>>
>> capable() is better to put after all other tests
>
> Right, but...
>
>> as a failed capable()
>> might emit a false positive warning into logs or something.
>
> ...primarily for another reason: a successful capable() sets
> PF_SUPERPRIV, whereas the permission might have been granted without
> capable() as well.  The PF_SUPERPRIV flag is visible via BSD process
> accounting.

Fair point, I'll move it. I had to go look up an earlier thread since
this was ringing a bell, but in there I was talking about moving it to
the end of the tests too. :)

https://lkml.org/lkml/2010/6/30/5

-Kees

-- 
Kees Cook
ChromeOS Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.