From: Oleg Nesterov <oleg@redhat.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Davidlohr Bueso <dave@stgolabs.net>,
Manfred Spraul <manfred@colorfullife.com>,
Markus Elfring <elfring@users.sourceforge.net>,
Yoji <yoji.fujihar.min@gmail.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ipc/mqueue.c: change __do_notify() to bypass check_kill_permission()
Date: Tue, 24 Mar 2020 12:52:12 +0100 [thread overview]
Message-ID: <20200324115212.GA10095@redhat.com> (raw)
In-Reply-To: <87bloma29h.fsf@x220.int.ebiederm.org>
On 03/23, Eric W. Biederman wrote:
>
> So far what we have is a report Oleg has read somewhere that some
> program doing something regressed, and his patch to fix that specific
> program. This problem was not noticed for several years.
Yes, this was reported on bugzilla.redhat.com, I'll add you to CC list.
> Presumably the problem is that a message queue was written to by one
> user and was read by another user to cause check_kill_permission to
> fail. Can someone tell me if that was the case?
I do not know. Yoji, did you hit this bug or did you find it by code
inspection ?
> So I am looking for something that makes it clear we are not removing
> a permission checking and backporting a security hole.
Yes, I thought about this too. I can be easily wrong, please correct me,
but I came to conclusion the old behaviour (no permission check) is fine
security-wise.
> Further even if in the common case it is the right thing to do to remove
> the permission check, the handling around exec looks bad enough that we
> will be backporting a security hole if we don't fix that and backport
> that at the same time.
could you explain what exactly you do not like wrt mq_notify/exec ?
I must have missed something.
> p.s. I am grouchy as temporary fixes in this part of the code base
> don't tend to be temporary and the entire signal/exec/ptrace world
> is bordering on unmaintainble and incomprehensible as a result.
Eric, please feel free to make another fix you like more. I know that
I can't convince you anyway, I won't argue.
Oleg.
next prev parent reply other threads:[~2020-03-24 11:52 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-22 11:09 [PATCH] ipc/mqueue.c: change __do_notify() to bypass check_kill_permission() Oleg Nesterov
2020-03-22 14:17 ` Eric W. Biederman
2020-03-22 14:59 ` Eric W. Biederman
2020-03-22 20:29 ` Oleg Nesterov
2020-03-23 16:47 ` Eric W. Biederman
2020-03-24 2:12 ` Andrew Morton
2020-03-24 2:57 ` Eric W. Biederman
2020-03-24 11:52 ` Oleg Nesterov [this message]
2020-03-24 20:08 ` Oleg Nesterov
2020-03-24 10:35 ` Oleg Nesterov
2020-03-24 20:09 ` [PATCH V2] " Oleg Nesterov
2020-03-26 12:54 ` Eric W. Biederman
2020-03-27 19:56 ` [PATCH -mm] ipc-mqueuec-change-__do_notify-to-bypass-check_kill_permission-fix Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200324115212.GA10095@redhat.com \
--to=oleg@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=dave@stgolabs.net \
--cc=ebiederm@xmission.com \
--cc=elfring@users.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=manfred@colorfullife.com \
--cc=yoji.fujihar.min@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).