On Wed, Sep 04, 2013 at 09:42:34PM +0000, Matthew Garrett wrote:
[ CC kexec fedora list ]
> On Wed, 2013-09-04 at 17:24 -0400, Vivek Goyal wrote:
> + if (!ptraced_by_unsafe_tracer())
> + bprm->cred->proc_signed = true;
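Review bot: The test of ptraced_by_unsafe_tracer() and the store to bprm->cred->proc_signed are two separate steps, and nothing in these two lines says what prevents a tracer from attaching between them. A comment above the if naming the lock the caller must hold (the reply in this thread points to task->signal->cred_guard_mutex) would make that dependency visible at the point where it matters. There is also no else branch, so it would help to state what value proc_signed has when the tracer check fails.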
> race with this if the attacker is able to run between the check and
> proc_signed being set to true?

I think this should not be a problem. task->signal->cred_guard_mutex
should provide mutual exclusion here.
So cred_guard_mutex is held while bprm is being prepared and till it is
installed. I think in that duration, no process can do a fresh