From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754457AbcGZAVg (ORCPT <rfc822;w@1wt.eu>);
	Mon, 25 Jul 2016 20:21:36 -0400
Received: from mail-yw0-f174.google.com ([209.85.161.174]:36562 "EHLO
	mail-yw0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752108AbcGZAVf (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 25 Jul 2016 20:21:35 -0400
MIME-Version: 1.0
In-Reply-To: <CALCETrX5en4p1vGQkxHc1=LZG4nvTfJSrTTMPyZwpZYhntTXTw@mail.gmail.com>
References: <cover.1466464928.git.luto@kernel.org> <8bacd629dcdbb97ee0626912c27a4a09f991b5dd.1466464928.git.luto@kernel.org>
 <CALCETrX=c=5=bJATY8s3ZxqkS3nf81O8gf7ta-f_hbBZFG0TUw@mail.gmail.com>
 <20160725063825.GB12474@gmail.com> <CALCETrX5en4p1vGQkxHc1=LZG4nvTfJSrTTMPyZwpZYhntTXTw@mail.gmail.com>
From: Andy Lutomirski <luto@amacapital.net>
Date: Mon, 25 Jul 2016 17:21:15 -0700
Message-ID: <CALCETrVPJGG212ZBYXAZzXTzHZY9gAHppBdAya708Y=uZJEsVg@mail.gmail.com>
Subject: Re: [PATCH v3 1/3] x86/ptrace: Stop setting TS_COMPAT in ptrace code
To: Ingo Molnar <mingo@kernel.org>
Cc: Pedro Alves <palves@redhat.com>, Oleg Nesterov <oleg@redhat.com>,
        Kees Cook <keescook@chromium.org>, Borislav Petkov <bp@alien8.de>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        X86 ML <x86@kernel.org>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Jul 25, 2016 at 9:57 AM, Andy Lutomirski <luto@amacapital.net> wrote:
> On Jul 24, 2016 11:38 PM, "Ingo Molnar" <mingo@kernel.org> wrote:
>>
>>
>> * Andy Lutomirski <luto@amacapital.net> wrote:
>>
>> > On Mon, Jun 20, 2016 at 4:39 PM, Andy Lutomirski <luto@kernel.org> wrote:
>> > > Setting TS_COMPAT in ptrace is wrong: if we happen to do it during
>> > > syscall entry, then we'll confuse seccomp and audit.  (The former
>> > > isn't a security problem: seccomp is currently entirely insecure if a
>> > > malicious ptracer is attached.)  As a minimal fix, this patch adds a
>> > > new flag TS_I386_REGS_POKED that handles the ptrace special case.
>> >
>> > Hi Ingo-
>> >
>> > Could you apply this one patch for 4.8?  While I don't think it's a
>> > significant security issue in 4.7 or earlier, leaving it unfixed in
>> > 4.8 will introduce a potentially unpleasant interaction with some
>> > seccomp changes that are queued up in the
>> > security tree for 4.8.
>> >
>> > It will have a trivially-resolvable conflict with -mm.
>> >
>> > The rest of the series this is in can wait.
>>
>> I don't mind the rest of the series either - could you please repost it (with the
>> review feedback addressed)?
>
> I'm nervous about it for a couple reasons involving the fact that it's
> user visible.
>
> 1. It doesn't make gdb work right in all the cases that gdb currently
> gets wrong.  I haven't had time to think about whether there's a
> minimal tweak that would fix this.

After re-reading the whole thread, I think that the rest of the series
needs a good self-test to make sure that we're providing whatever
behavior we think we're providing.  So I really don't what to apply it
yet.

--Andy