Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <524E118F.9080503@gmail.com>
Date: Fri, 04 Oct 2013 10:53:35 +1000
From: Ryan Mallon <rmallon@...il.com>
To: Kees Cook <keescook@...omium.org>, Djalal Harouni <tixxdz@...ndz.org>
CC: Al Viro <viro@...iv.linux.org.uk>, 
 "Eric W. Biederman" <ebiederm@...ssion.com>,
 Andrew Morton <akpm@...ux-foundation.org>, 
 Solar Designer <solar@...nwall.com>,
 Vasiliy Kulikov <segoon@...nwall.com>, 
 Linus Torvalds <torvalds@...ux-foundation.org>,
 Ingo Molnar <mingo@...nel.org>, LKML <linux-kernel@...r.kernel.org>, 
 "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>,
 George Spelvin <linux@...izon.com>
Subject: Re: [PATCH 1/2] procfs: restore 0400 permissions on /proc/*/{syscall,stack,personality}

On 04/10/13 10:41, Kees Cook wrote:
> On Wed, Aug 28, 2013 at 1:49 PM, Kees Cook <keescook@...omium.org> wrote:

<snip>

> 
> BTW, this just came to my attention:
> http://marc.info/?l=linux-kernel&m=138049414321387&w=2
> 
> Same problem, just for /proc/kallsyms. This would benefit from the
> open vs read cred check as well, I think.

I was actually just about to put together a repost of this. Sorry I
missed you off the original Cc list, get_maintainer didn't list you.

I wanted to at least change the comment mentioning "badly written"
setuid binaries. That isn't really true, as George Spelvin pointed out,
even a setuid binary which opens the file with dropped priviledges, but
reads it after re-elevating privileges will be susceptible to this.

Setuid apps could be more precautious by doing the open + read into
memory of user files with the privileges dropped, so that once
privileges are re-elevated only the in-memory copy is used.

I still think in-kernel fixing is a good idea too though, since it
hardens against user-space setuid apps that don't do this. This was just
the simplest approach to fixing the problem that I could think of. I'm
open to suggestions for a better solution.

~Ryan

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.