Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 25 Sep 2013 21:14:36 +0100
From: Djalal Harouni <tixxdz@...ndz.org>
To: "Eric W. Biederman" <ebiederm@...ssion.com>,
	Kees Cook <keescook@...omium.org>,
	Al Viro <viro@...iv.linux.org.uk>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Ingo Molnar <mingo@...nel.org>,
	"Serge E. Hallyn" <serge.hallyn@...ntu.com>,
	Cyrill Gorcunov <gorcunov@...nvz.org>,
	LKML <linux-kernel@...r.kernel.org>,
	linux-fsdevel@...r.kernel.org,
	<kernel-hardening@...ts.openwall.com>
Cc: tixxdz@...il.com,
	Djalal Harouni <tixxdz@...ndz.org>
Subject: [PATCH 03/12] procfs: Document the proposed solution to protect procfs entries

Note the proposed solution to protect sensitive procfs entries as
code comment.

Cc: Kees Cook <keescook@...omium.org>
Cc: Eric W. Biederman <ebiederm@...ssion.com>
Signed-off-by: Djalal Harouni <tixxdz@...ndz.org>
---
 fs/proc/base.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/fs/proc/base.c b/fs/proc/base.c
index c29eeae..8d21316 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -102,6 +102,17 @@
  *
  *	The classic example of a problem is opening file descriptors
  *	in /proc for a task before it execs a suid executable.
+ *
+ * Solution for sensitive files:
+ *	At each system call: open(),read(),write()... Perform the
+ *	ptrace_may_access() check.
+ *
+ *	After open() and during each system call: read(),write()...
+ *	If the cred of current have changed then perform the
+ *	proc_allow_access() check after the ptrace_may_access() one.
+ *
+ *	This way we can determine if current has gained more privileges
+ *	by execs a suid executable.
  */
 
 struct pid_entry {
-- 
1.7.11.7

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.