From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Date: Tue, 25 Sep 2018 21:39:53 +0300
From: Cyrill Gorcunov <gorcunov@gmail.com>
To: Tong Zhang <ztong@vt.edu>
Cc: adobriyan@gmail.com, akpm@linux-foundation.org,
        viro@zeniv.linux.org.uk, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        linux-security-module@vger.kernel.org, wenbo.s@samsung.com
Subject: Re: Leaking path for set_task_comm
Message-ID: <20180925183953.GI15710@uranus>
References: <F7DFF547-5267-4EF3-8BF3-70DAF6C2A53A@vt.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <F7DFF547-5267-4EF3-8BF3-70DAF6C2A53A@vt.edu>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

On Tue, Sep 25, 2018 at 01:27:08PM -0400, Tong Zhang wrote:
> Kernel Version: 4.18.5
> 
> Problem Description:
> 
> When using prctl(PR_SET_NAME) to set the thread name, it is checked by security_task_prctl.
> 
> We discovered a leaking path that can also use method implemented in 
> fs/proc/base.c:1526 comm_write(), to do similar thing without asking LSM’s decision.

I don't understand how it is a problem. Could you please explain?
procfs/comm is created with S_IRUGO|S_IWUSR permissions. So
prctl and procfs are simply different interfaces.