From: Linus Torvalds <torvalds@linux-foundation.org>
To: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Kees Cook <keescook@chromium.org>,
regressions@lists.linux.dev,
Andrea Righi <andrea.righi@canonical.com>
Subject: Re: Regression when writing to /proc/<pid>/attr/
Date: Tue, 8 Jun 2021 09:39:03 -0700
Message-ID: <CAHk-=wg93iejO6zMZpXTnszrjdr=-iKjuC4q_LsGtNsuhfTCHg@mail.gmail.com>
In-Reply-To: <20210608115928.5ocvtyoekxa2a6vw@wittgenstein>

On Tue, Jun 8, 2021 at 4:59 AM Christian Brauner
<christian.brauner@ubuntu.com> wrote:
>
> Hm, but doesn't the mm check have the same problem? It's not checking
> the mm of the opener against the mm of the writer. To stay with the
> example in this thread, it's checking the mm of the <attached process>
> at open time against the mm of the <attached process> at write time if I
> read this correctly.

Yes and no. It is checking that the mm of the target still matches,
but what you don't see in the patch (because it was pre-existing) is
that it also checks that the target is "current".

So it does effectively check that current hasn't execve'd. So ack on
the patch from me.

Of course, we could _also_ allow a cross-execve() write if the creds
remain the same, but I think this "hasn't execve'd" is the better
check (and was what the original cred check patch basically aimed to
do anyway).

             Linus