Fix child thread introspection of of /proc/self/exe (rhbz 927469)
This commit is contained in:
parent
a9ccf7f120
commit
f62d812485
76
fix-child-thread-introspection.patch
Normal file
76
fix-child-thread-introspection.patch
Normal file
@ -0,0 +1,76 @@
|
||||
Allow threads other than the main thread to do introspection of files in
|
||||
proc without relying on read permissions. proc_pid_follow_link() calls
|
||||
proc_fd_access_allowed() which ultimately calls __ptrace_may_access().
|
||||
|
||||
Though this allows additional access to some proc files, we do not
|
||||
believe that this has any unintended security implications. However it
|
||||
probably needs to be looked at carefully.
|
||||
|
||||
The original problem was a thread of a process whose permissions were
|
||||
111 couldn't open its own /proc/self/exe This was interfering with a
|
||||
special purpose debugging tool. A simple reproducer is below.:
|
||||
|
||||
#include <pthread.h>
|
||||
#include <unistd.h>
|
||||
#include <stdio.h>
|
||||
#include <errno.h>
|
||||
#include <stdlib.h>
|
||||
#include <sys/types.h>
|
||||
|
||||
#define BUFSIZE 2048
|
||||
|
||||
void *thread_main(void *arg){
|
||||
char *str=(char*)arg;
|
||||
char buf[BUFSIZE];
|
||||
ssize_t len=readlink("/proc/self/exe", buf, BUFSIZE);
|
||||
if(len==-1)
|
||||
printf("/proc/self/exe in %s: %s\n", str,sys_errlist[errno]);
|
||||
else
|
||||
printf("/proc/self/exe in %s: OK\n", str);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int main(){
|
||||
pthread_t thread;
|
||||
|
||||
int retval=pthread_create( &thread, NULL, thread_main, "thread");
|
||||
if(retval!=0)
|
||||
exit(1);
|
||||
|
||||
thread_main("main");
|
||||
pthread_join(thread, NULL);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
||||
Signed-off-by: Ben Woodard <woodard@redhat.com>
|
||||
Signed-off-by: Mark Grondona <mgrondona@llnl.gov>
|
||||
---
|
||||
kernel/ptrace.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
|
||||
index acbd284..347c4c7 100644
|
||||
--- a/kernel/ptrace.c
|
||||
+++ b/kernel/ptrace.c
|
||||
diff -ruNp linux-3.8.4-103.fc17.noarch/kernel/ptrace.c linux-3.8.4-103.fc17.ptrace/kernel/ptrace.c
|
||||
--- linux-3.8.4-103.fc17.noarch/kernel/ptrace.c 2013-02-18 17:58:34.000000000 -0600
|
||||
+++ linux-3.8.4-103.fc17.ptrace/kernel/ptrace.c 2013-03-26 14:59:01.939396346 -0500
|
||||
@@ -234,7 +234,7 @@ static int __ptrace_may_access(struct ta
|
||||
*/
|
||||
int dumpable = 0;
|
||||
/* Don't let security modules deny introspection */
|
||||
- if (task == current)
|
||||
+ if (same_thread_group(task, current))
|
||||
return 0;
|
||||
rcu_read_lock();
|
||||
tcred = __task_cred(task);
|
||||
--
|
||||
1.8.1.4
|
||||
|
||||
--
|
||||
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
|
||||
the body of a message to majordomo@vger.kernel.org
|
||||
More majordomo info at http://vger.kernel.org/majordomo-info.html
|
||||
Please read the FAQ at http://www.tux.org/lkml/
|
@ -758,6 +758,9 @@ Patch22001: selinux-apply-different-permission-to-ptrace-child.patch
|
||||
Patch23000: cpufreq-intel-pstate-validate-msrs.patch
|
||||
Patch23001: cpufreq-intel-pstate-max-is-in-the-max-variable-who-knew.patch
|
||||
|
||||
#rhbz 927469
|
||||
Patch23006: fix-child-thread-introspection.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
@ -1460,6 +1463,9 @@ ApplyPatch HID-usbhid-quirk-for-MSI-GX680R-led-panel.patch
|
||||
#rhbz 806587
|
||||
ApplyPatch HID-usbhid-quirk-for-Realtek-Multi-card-reader.patch
|
||||
|
||||
#rhbz 927469
|
||||
ApplyPatch fix-child-thread-introspection.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
@ -2301,6 +2307,9 @@ fi
|
||||
# ||----w |
|
||||
# || ||
|
||||
%changelog
|
||||
* Tue Mar 26 2013 Justin M. Forbes <jforbes@redhat.com>
|
||||
- Fix child thread introspection of of /proc/self/exe (rhbz 927469)
|
||||
|
||||
* Tue Mar 26 2013 Dave Jones <davej@redhat.com>
|
||||
- Enable CONFIG_DM_CACHE (rhbz 924325)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user