* [PATCH v5 5/7] proc: instantiate only pids that we can ptrace on 'limit_pids=1' mount option
@ 2018-05-11  9:36 ` Alexey Gladkov
  0 siblings, 0 replies; 13+ messages in thread
From: Alexey Gladkov @ 2018-05-11  9:36 UTC (permalink / raw)
  To: Kees Cook, Andy Lutomirski, Andrew Morton, linux-fsdevel,
	linux-kernel, kernel-hardening, linux-security-module, linux-api
  Cc: Greg Kroah-Hartman, Alexander Viro, Akinobu Mita, Oleg Nesterov,
	Jeff Layton, Ingo Molnar, Alexey Dobriyan, Eric W. Biederman,
	Linus Torvalds, Daniel Micay, Jonathan Corbet, bfields,
	Stephen Rothwell, solar, Dmitry V. Levin, Djalal Harouni

From: Djalal Harouni <tixxdz@gmail.com>

If "limit_pids=1" mount option is set then do not instantiate pids that
we can not ptrace. "limit_pids=1" means that procfs should only contain
pids that the caller can ptrace.

Cc: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Djalal Harouni <tixxdz@gmail.com>
---
 fs/proc/base.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 6f084344..31baeef 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -3187,6 +3187,7 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
 	unsigned tgid;
 	struct proc_fs_info *fs_info = proc_sb(dir->i_sb);
 	struct pid_namespace *ns = fs_info->pid_ns;
+	int limit_pids = proc_fs_limit_pids(fs_info);
 
 	tgid = name_to_int(&dentry->d_name);
 	if (tgid == ~0U)
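Review bot: limit_pids in the added declaration is a plain int that is only ever compared against the named constant PROC_LIMIT_PIDS_PTRACE; if proc_fs_limit_pids() returns an enum, the local should carry that type so the comparison is type-checked. The value is read once, so calling proc_fs_limit_pids(fs_info) directly in the later if would also avoid fetching it ahead of the tgid == ~0U validity check.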
@@ -3200,7 +3201,15 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
 	if (!task)
 		goto out;
 
+	/* Limit procfs to only ptracable tasks */
+	if (limit_pids == PROC_LIMIT_PIDS_PTRACE) {
+		cond_resched();
+		if (!has_pid_permissions(fs_info, task, HIDEPID_NO_ACCESS))
+			goto out_put_task;
+	}
+
 	result = proc_pid_instantiate(dir, dentry, task, NULL);
+out_put_task:
 	put_task_struct(task);
 out:
 	return ERR_PTR(result);
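Review bot: On the new goto out_put_task path the added lines never assign result, so the errno passed to ERR_PTR(result) for a task that fails has_pid_permissions() depends on an initialization outside this hunk; set it explicitly before the goto (for example result = -ENOENT, if a filtered pid is meant to look the same as a missing one) so the behaviour is visible at the check. The cond_resched() ahead of the check sits in a single lookup with no loop around it in these lines, so it should be dropped or justified in the commit message, and the comment should read "ptraceable".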
-- 
2.10.5

* Re: [PATCH v5 5/7] proc: instantiate only pids that we can ptrace on 'limit_pids=1' mount option
  2018-05-11  9:36 ` Alexey Gladkov
@ 2018-05-11 16:09   ` Randy Dunlap
  -1 siblings, 0 replies; 13+ messages in thread
From: Randy Dunlap @ 2018-05-11 16:09 UTC (permalink / raw)
  To: Alexey Gladkov, Kees Cook, Andy Lutomirski, Andrew Morton,
	linux-fsdevel, linux-kernel, kernel-hardening,
	linux-security-module, linux-api
  Cc: Greg Kroah-Hartman, Alexander Viro, Akinobu Mita, Oleg Nesterov,
	Jeff Layton, Ingo Molnar, Alexey Dobriyan, Eric W. Biederman,
	Linus Torvalds, Daniel Micay, Jonathan Corbet, bfields,
	Stephen Rothwell, solar, Dmitry V. Levin, Djalal Harouni

On 05/11/2018 02:36 AM, Alexey Gladkov wrote:
> From: Djalal Harouni <tixxdz@gmail.com>
> 
> If "limit_pids=1" mount option is set then do not instantiate pids that
> we can not ptrace. "limit_pids=1" means that procfs should only contain
> pids that the caller can ptrace.

Where can I find documentation on these mount options (pidonly, limit_pids)?

Thanks.

> Cc: Kees Cook <keescook@chromium.org>
> Cc: Andy Lutomirski <luto@kernel.org>
> Signed-off-by: Djalal Harouni <tixxdz@gmail.com>
> ---
>  fs/proc/base.c | 9 +++++++++
>  1 file changed, 9 insertions(+)


-- 
~Randy


* Re: [PATCH v5 5/7] proc: instantiate only pids that we can ptrace on 'limit_pids=1' mount option
  2018-05-11  9:36 ` Alexey Gladkov
  (?)
@ 2018-05-11 16:45   ` Linus Torvalds
  -1 siblings, 0 replies; 13+ messages in thread
From: Linus Torvalds @ 2018-05-11 16:45 UTC (permalink / raw)
  To: gladkov.alexey
  Cc: Kees Cook, Andrew Lutomirski, Andrew Morton, linux-fsdevel,
	Linux Kernel Mailing List, Kernel Hardening, LSM List, Linux API,
	Greg Kroah-Hartman, Al Viro, Akinobu Mita, Oleg Nesterov,
	Jeff Layton, Ingo Molnar, Alexey Dobriyan, Eric W. Biederman,
	Daniel Micay, Jonathan Corbet, J. Bruce Fields, Stephen Rothwell,
	Solar Designer, Dmitry V. Levin, Djalal Harouni

On Fri, May 11, 2018 at 2:46 AM Alexey Gladkov <gladkov.alexey@gmail.com>
wrote:

> +       /* Limit procfs to only ptracable tasks */
> +       if (limit_pids == PROC_LIMIT_PIDS_PTRACE) {
> +               cond_resched();
> +               if (!has_pid_permissions(fs_info, task,
HIDEPID_NO_ACCESS))
> +                       goto out_put_task;
> +       }

Where did that "cond_resched()" come from? That doesn't seem to make a lot
of sense.

                    Linus


* Re: [PATCH v5 5/7] proc: instantiate only pids that we can ptrace on 'limit_pids=1' mount option
  2018-05-11 16:45   ` Linus Torvalds
  (?)
@ 2018-05-14  8:29     ` Alexey Gladkov
  -1 siblings, 0 replies; 13+ messages in thread
From: Alexey Gladkov @ 2018-05-14  8:29 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: Kees Cook, Andrew Lutomirski, Andrew Morton, linux-fsdevel,
	Linux Kernel Mailing List, Kernel Hardening, LSM List, Linux API,
	Greg Kroah-Hartman, Al Viro, Akinobu Mita, Oleg Nesterov,
	Jeff Layton, Ingo Molnar, Alexey Dobriyan, Eric W. Biederman,
	Daniel Micay, Jonathan Corbet, J. Bruce Fields, Stephen Rothwell,
	Solar Designer, Dmitry V. Levin, Djalal Harouni

On Fri, May 11, 2018 at 09:45:33AM -0700, Linus Torvalds wrote:
> On Fri, May 11, 2018 at 2:46 AM Alexey Gladkov <gladkov.alexey@gmail.com>
> wrote:
> 
> > +       /* Limit procfs to only ptracable tasks */
> > +       if (limit_pids == PROC_LIMIT_PIDS_PTRACE) {
> > +               cond_resched();
> > +               if (!has_pid_permissions(fs_info, task,
> HIDEPID_NO_ACCESS))
> > +                       goto out_put_task;
> > +       }
> 
> Where did that "cond_resched()" come from? That doesn't seem to make a lot
> of sense.

This call came along with has_pid_permissions from proc_pid_readdir [1]. It
seems to me that proc_pid_readdir and proc_pid_lookup should act in a
similar way in this case.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ba4bceef23206349d4130ddf140819b365de7c8

-- 
Rgrds, legion



* Re: [PATCH v5 5/7] proc: instantiate only pids that we can ptrace on 'limit_pids=1' mount option
  2018-05-11 16:09   ` Randy Dunlap
  (?)
@ 2018-05-14  8:34     ` Alexey Gladkov
  -1 siblings, 0 replies; 13+ messages in thread
From: Alexey Gladkov @ 2018-05-14  8:34 UTC (permalink / raw)
  To: Randy Dunlap
  Cc: Kees Cook, Andy Lutomirski, Andrew Morton, linux-fsdevel,
	linux-kernel, kernel-hardening, linux-security-module, linux-api,
	Greg Kroah-Hartman, Alexander Viro, Akinobu Mita, Oleg Nesterov,
	Jeff Layton, Ingo Molnar, Alexey Dobriyan, Eric W. Biederman,
	Linus Torvalds, Daniel Micay, Jonathan Corbet, bfields,
	Stephen Rothwell, solar, Dmitry V. Levin, Djalal Harouni

On Fri, May 11, 2018 at 09:09:04AM -0700, Randy Dunlap wrote:
> On 05/11/2018 02:36 AM, Alexey Gladkov wrote:
> > From: Djalal Harouni <tixxdz@gmail.com>
> > 
> > If "limit_pids=1" mount option is set then do not instantiate pids that
> > we can not ptrace. "limit_pids=1" means that procfs should only contain
> > pids that the caller can ptrace.
> 
> Where can I find documentation on these mount options (pidonly, limit_pids)?

The documentation is not ready yet. It will be added in the next version
of the patchset.

-- 
Rgrds, legion

