From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751340AbcFXISc (ORCPT <rfc822;w@1wt.eu>);
	Fri, 24 Jun 2016 04:18:32 -0400
Received: from mail-wm0-f66.google.com ([74.125.82.66]:35576 "EHLO
	mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750971AbcFXIS1 (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Fri, 24 Jun 2016 04:18:27 -0400
Subject: Re: Documenting ptrace access mode checking
To: "Eric W. Biederman" <ebiederm@xmission.com>
References: <e335a243-2199-2185-c7b3-fb1c898e9ab4@gmail.com>
 <87ziqewc3r.fsf@x220.int.ebiederm.org> <20160622215142.GA14751@redhat.com>
 <f8069f83-f7b6-ee2c-5167-fa0d50732180@gmail.com>
 <871t3nka3c.fsf@x220.int.ebiederm.org>
Cc: mtk.manpages@gmail.com, Oleg Nesterov <oleg@redhat.com>,
        Jann Horn <jann@thejh.net>, James Morris <jmorris@namei.org>,
        linux-man <linux-man@vger.kernel.org>,
        Stephen Smalley <sds@tycho.nsa.gov>,
        lkml <linux-kernel@vger.kernel.org>, Kees Cook <keescook@chromium.org>,
        linux-security-module <linux-security-module@vger.kernel.org>,
        Linux API <linux-api@vger.kernel.org>
From: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
Message-ID: <8dc0a0ec-c46d-778f-137f-b06dae9b2a39@gmail.com>
Date: Fri, 24 Jun 2016 10:18:21 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.1.0
MIME-Version: 1.0
In-Reply-To: <871t3nka3c.fsf@x220.int.ebiederm.org>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 06/23/2016 08:56 PM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com> writes:
>
>> Hi Oleg,
>>
>> On 06/22/2016 11:51 PM, Oleg Nesterov wrote:
>>> On 06/21, Eric W. Biederman wrote:
>>>>
>>>> Adding Oleg just because he seems to do most of the ptrace related
>>>> maintenance these days.
>>>
>>> so I have to admit that I never even tried to actually understand
>>> ptrace_may_access ;)
>>>
>>>> We certainly need something that gives a high level view so people
>>>> reading the man page can know what to expect.   If you get down into the
>>>> weeds we run the danger of people beginning to think they can depend
>>>> upon bugs in the implementation.
>>>
>>> Personally I agree. I think "man ptrace" shouldn't not tell too much
>>> about kernel internals.
>>
>> See my other replies on this topic. Somehow, we need a way of
>> describing the behavior that user-space sees. I think it's
>> inevitable that that means talking about what;s going on
>> "under the hood".
>>
>> Regarding Eric's point that "we run the danger of people beginning
>> to think they can depend upon bugs in the implementation": when it
>> comes to breaking the ABI, the presence or absence of documentation
>> doesn't save us on that point (Linus has a few times made his position
>> wrt to documentation clear).
>
> Which are interesting in this respect as a bug in the implementation
> that is a security issue can and will be changed, even if userspace
> breaks.  Breaking userspace is not desirable but when there is no other
> reasonable choice it will happen.

Yes, good point.

Cheers,

Michael


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/