[Fedora 12/19] ptrace: Do not allow ptrace() from unsigned process to signed one
Vivek Goyal
vgoyal at redhat.com
Thu Sep 5 01:21:31 UTC 2013
On Wed, Sep 04, 2013 at 09:42:34PM +0000, Matthew Garrett wrote:
[ CC kexec fedora list ]
> On Wed, 2013-09-04 at 17:24 -0400, Vivek Goyal wrote:
>
> Doesn't this:
>
> > + if (!ptraced_by_unsafe_tracer())
> > + bprm->cred->proc_signed = true;
>
> race with this if the attacker is able to run between the check and
> proc_signed being set to true?
I think this should not be a problem. task->signal->cred_guard_mutex
should provide mutual exclusion here.
ptrace_attach()
    mutex_lock_interruptible(&task->signal->cred_guard_mutex)

do_execve_common()
    prepare_bprm_creds()
        mutex_lock_interruptible(&current->signal->cred_guard_mutex);
    search_binary_handler()
        load_elf_binary()
            ptraced_by_unsafe_tracer();
    install_exec_creds()
    mutex_unlock(&current->signal->cred_guard_mutex);
So cred_guard_mutex is held while bprm is being prepared and till it is
installed. I think in that duration, no process can do a fresh
ptrace_attach().
Thanks
Vivek
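As an added illustration (editor's example, not kernel code and not part of this thread), the following single-threaded C model re-enacts the interleaving discussed above: a ptrace_attach() that must take cred_guard_mutex before it can mark the target as traced, and an exec path that holds that mutex from prepare_bprm_creds() through install_exec_creds(). The struct, function and scenario names (task_t, model_ptrace_attach, model_exec, the ATTACH_* codes) are assumptions made for the model; the only behaviour taken from the thread is the lock ordering and the rule in the subject line that an unsigned process may not ptrace a signed one.

```c
/* Editor's model of the check-then-set discussed in the thread.  Not kernel
 * code: all names below are assumptions chosen for this illustration. */
#include <stdbool.h>
#include <stddef.h>

#define ATTACH_OK       0   /* tracer attached */
#define ATTACH_BLOCKED  1   /* target holds cred_guard_mutex; attach must wait */
#define ATTACH_DENIED   2   /* target already signed; unsigned tracer refused */

typedef struct {
    bool cred_guard_mutex_held;   /* models task->signal->cred_guard_mutex */
    bool traced_by_unsafe;        /* set once an unsigned tracer has attached */
    bool proc_signed;             /* models bprm->cred->proc_signed after install */
} task_t;

/* Models ptrace_attach() from an unsigned (unsafe) tracer.  It must take
 * cred_guard_mutex first; while exec holds it the attach cannot proceed
 * (the kernel would sleep here, the model reports ATTACH_BLOCKED).  Once
 * the target is signed, the attach is refused outright. */
static int model_ptrace_attach(task_t *t)
{
    if (t->cred_guard_mutex_held)
        return ATTACH_BLOCKED;
    if (t->proc_signed)
        return ATTACH_DENIED;
    t->traced_by_unsafe = true;
    return ATTACH_OK;
}

/* Models the exec path from prepare_bprm_creds() to install_exec_creds().
 * hold_mutex selects whether cred_guard_mutex covers the whole window.
 * attacker, if non-NULL, runs between ptraced_by_unsafe_tracer() and the
 * credential install, i.e. exactly in the window the question is about. */
static void model_exec(task_t *t, bool hold_mutex, int (*attacker)(task_t *))
{
    if (hold_mutex)
        t->cred_guard_mutex_held = true;          /* prepare_bprm_creds() */

    bool signed_now = !t->traced_by_unsafe;       /* ptraced_by_unsafe_tracer() */

    if (attacker)
        attacker(t);                              /* attacker's attempt in the window */

    t->proc_signed = signed_now;                  /* install_exec_creds() */

    if (hold_mutex)
        t->cred_guard_mutex_held = false;         /* mutex_unlock() */
}

/* Invariant the patch wants: a signed process is never traced by an unsafe tracer. */
static bool invariant_holds(const task_t *t)
{
    return !(t->proc_signed && t->traced_by_unsafe);
}

/* Window not covered by the mutex: attacker attaches between check and install,
 * and the process ends up both signed and traced.  Returns false. */
bool race_without_mutex(void)
{
    task_t t = {0};
    model_exec(&t, false, model_ptrace_attach);
    return invariant_holds(&t);
}

/* Window covered by cred_guard_mutex: the attach is blocked until after install.
 * Returns true. */
bool race_with_mutex(void)
{
    task_t t = {0};
    model_exec(&t, true, model_ptrace_attach);
    return invariant_holds(&t);
}

/* Tracer already attached before exec: the check sees it, proc_signed stays false. */
bool attach_before_exec(void)
{
    task_t t = {0};
    model_ptrace_attach(&t);
    model_exec(&t, true, NULL);
    return invariant_holds(&t) && !t.proc_signed;
}

/* Attacker blocked during exec retries after the unlock: now refused because
 * the target is signed.  Returns the attach result for that retry. */
int attach_after_exec(void)
{
    task_t t = {0};
    model_exec(&t, true, NULL);
    return model_ptrace_attach(&t);
}
```

The model makes the two halves of the argument explicit: without the mutex the attacker's attach lands in the window and the process is installed as signed while traced; with the mutex the attach cannot run until install_exec_creds() is done, at which point the ptrace-side rule refuses it. A retry that blocks on the mutex is therefore never able to turn into a successful attach on a signed process.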