rpms/kernel
9
2
Fork 4
Code Issues Pull Requests Releases Activity

Fix child thread introspection of of /proc/self/exe (rhbz 927469)

Browse Source
This commit is contained in:
Justin M. Forbes 2013-03-26 15:11:30 -05:00
parent a9ccf7f120
commit f62d812485
2 changed files with 85 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
fix-child-thread-introspection.patch Normal file
View File

@ -0,0 +1,76 @@
Allow threads other than the main thread to do introspection of files in
proc without relying on read permissions. proc_pid_follow_link() calls
proc_fd_access_allowed() which ultimately calls __ptrace_may_access().
Though this allows additional access to some proc files, we do not
believe that this has any unintended security implications. However it
probably needs to be looked at carefully.
The original problem was a thread of a process whose permissions were
111 couldn't open its own /proc/self/exe This was interfering with a
special purpose debugging tool. A simple reproducer is below.:
#include <pthread.h>
#include <unistd.h>
#include <stdio.h>
#include <errno.h>
#include <stdlib.h>
#include <sys/types.h>
#define BUFSIZE 2048
void *thread_main(void *arg){
char *str=(char*)arg;
char buf[BUFSIZE];
ssize_t len=readlink("/proc/self/exe", buf, BUFSIZE);
if(len==-1)
printf("/proc/self/exe in %s: %s\n", str,sys_errlist[errno]);
else
printf("/proc/self/exe in %s: OK\n", str);
return 0;
}
int main(){
pthread_t thread;
int retval=pthread_create( &thread, NULL, thread_main, "thread");
if(retval!=0)
exit(1);
thread_main("main");
pthread_join(thread, NULL);
exit(0);
}
Signed-off-by: Ben Woodard <woodard@redhat.com>
Signed-off-by: Mark Grondona <mgrondona@llnl.gov>
---
kernel/ptrace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index acbd284..347c4c7 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
diff -ruNp linux-3.8.4-103.fc17.noarch/kernel/ptrace.c linux-3.8.4-103.fc17.ptrace/kernel/ptrace.c
--- linux-3.8.4-103.fc17.noarch/kernel/ptrace.c 2013-02-18 17:58:34.000000000 -0600
+++ linux-3.8.4-103.fc17.ptrace/kernel/ptrace.c 2013-03-26 14:59:01.939396346 -0500
@@ -234,7 +234,7 @@ static int __ptrace_may_access(struct ta
*/
int dumpable = 0;
/* Don't let security modules deny introspection */
- if (task == current)
+ if (same_thread_group(task, current))
return 0;
rcu_read_lock();
tcred = __task_cred(task);
--
1.8.1.4
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

9
kernel.spec
View File

@ -758,6 +758,9 @@ Patch22001: selinux-apply-different-permission-to-ptrace-child.patch
Patch23000: cpufreq-intel-pstate-validate-msrs.patch Patch23000: cpufreq-intel-pstate-validate-msrs.patch
Patch23001: cpufreq-intel-pstate-max-is-in-the-max-variable-who-knew.patch Patch23001: cpufreq-intel-pstate-max-is-in-the-max-variable-who-knew.patch
#rhbz 927469
Patch23006: fix-child-thread-introspection.patch
# END OF PATCH DEFINITIONS # END OF PATCH DEFINITIONS
%endif %endif
@ -1460,6 +1463,9 @@ ApplyPatch HID-usbhid-quirk-for-MSI-GX680R-led-panel.patch
#rhbz 806587 #rhbz 806587
ApplyPatch HID-usbhid-quirk-for-Realtek-Multi-card-reader.patch ApplyPatch HID-usbhid-quirk-for-Realtek-Multi-card-reader.patch
#rhbz 927469
ApplyPatch fix-child-thread-introspection.patch
# END OF PATCH APPLICATIONS # END OF PATCH APPLICATIONS
%endif %endif
@ -2301,6 +2307,9 @@ fi
# ||----w | # ||----w |
# || || # || ||
%changelog %changelog
* Tue Mar 26 2013 Justin M. Forbes <jforbes@redhat.com>
- Fix child thread introspection of of /proc/self/exe (rhbz 927469)
* Tue Mar 26 2013 Dave Jones <davej@redhat.com> * Tue Mar 26 2013 Dave Jones <davej@redhat.com>
- Enable CONFIG_DM_CACHE (rhbz 924325) - Enable CONFIG_DM_CACHE (rhbz 924325)