[kernel] Fix child thread introspection of of /proc/self/exe (rhbz 927469)
Justin M. Forbes
jforbes at fedoraproject.org
Tue Mar 26 20:18:45 UTC 2013
commit f62d8124855ba86be3b05887a0980f26c7cb8da8
Author: Justin M. Forbes <jforbes at redhat.com>
Date: Tue Mar 26 15:11:30 2013 -0500
Fix child thread introspection of of /proc/self/exe (rhbz 927469)
fix-child-thread-introspection.patch | 76 ++++++++++++++++++++++++++++++++++
kernel.spec | 9 ++++
2 files changed, 85 insertions(+), 0 deletions(-)
---
diff --git a/fix-child-thread-introspection.patch b/fix-child-thread-introspection.patch
new file mode 100644
index 0000000..4c0bad1
--- /dev/null
+++ b/fix-child-thread-introspection.patch
@@ -0,0 +1,76 @@
+Allow threads other than the main thread to do introspection of files in
+proc without relying on read permissions. proc_pid_follow_link() calls
+proc_fd_access_allowed() which ultimately calls __ptrace_may_access().
+
+Though this allows additional access to some proc files, we do not
+believe that this has any unintended security implications. However it
+probably needs to be looked at carefully.
+
+The original problem was a thread of a process whose permissions were
+111 couldn't open its own /proc/self/exe This was interfering with a
+special purpose debugging tool. A simple reproducer is below.:
+
+#include <pthread.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <sys/types.h>
+
+#define BUFSIZE 2048
+
+void *thread_main(void *arg){
+ char *str=(char*)arg;
+ char buf[BUFSIZE];
+ ssize_t len=readlink("/proc/self/exe", buf, BUFSIZE);
+ if(len==-1)
+ printf("/proc/self/exe in %s: %s\n", str,sys_errlist[errno]);
+ else
+ printf("/proc/self/exe in %s: OK\n", str);
+
+ return 0;
+}
+
+int main(){
+ pthread_t thread;
+
+ int retval=pthread_create( &thread, NULL, thread_main, "thread");
+ if(retval!=0)
+ exit(1);
+
+ thread_main("main");
+ pthread_join(thread, NULL);
+
+ exit(0);
+}
+
+Signed-off-by: Ben Woodard <woodard at redhat.com>
+Signed-off-by: Mark Grondona <mgrondona at llnl.gov>
+---
+ kernel/ptrace.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/kernel/ptrace.c b/kernel/ptrace.c
+index acbd284..347c4c7 100644
+--- a/kernel/ptrace.c
++++ b/kernel/ptrace.c
+diff -ruNp linux-3.8.4-103.fc17.noarch/kernel/ptrace.c linux-3.8.4-103.fc17.ptrace/kernel/ptrace.c
+--- linux-3.8.4-103.fc17.noarch/kernel/ptrace.c 2013-02-18 17:58:34.000000000 -0600
++++ linux-3.8.4-103.fc17.ptrace/kernel/ptrace.c 2013-03-26 14:59:01.939396346 -0500
+@@ -234,7 +234,7 @@ static int __ptrace_may_access(struct ta
+ */
+ int dumpable = 0;
+ /* Don't let security modules deny introspection */
+- if (task == current)
++ if (same_thread_group(task, current))
+ return 0;
+ rcu_read_lock();
+ tcred = __task_cred(task);
+--
+1.8.1.4
+
+--
+To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
+the body of a message to majordomo at vger.kernel.org
+More majordomo info at http://vger.kernel.org/majordomo-info.html
+Please read the FAQ at http://www.tux.org/lkml/
diff --git a/kernel.spec b/kernel.spec
index dc95555..1b5b807 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -758,6 +758,9 @@ Patch22001: selinux-apply-different-permission-to-ptrace-child.patch
Patch23000: cpufreq-intel-pstate-validate-msrs.patch
Patch23001: cpufreq-intel-pstate-max-is-in-the-max-variable-who-knew.patch
+#rhbz 927469
+Patch23006: fix-child-thread-introspection.patch
+
# END OF PATCH DEFINITIONS
%endif
@@ -1460,6 +1463,9 @@ ApplyPatch HID-usbhid-quirk-for-MSI-GX680R-led-panel.patch
#rhbz 806587
ApplyPatch HID-usbhid-quirk-for-Realtek-Multi-card-reader.patch
+#rhbz 927469
+ApplyPatch fix-child-thread-introspection.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -2301,6 +2307,9 @@ fi
# ||----w |
# || ||
%changelog
+* Tue Mar 26 2013 Justin M. Forbes <jforbes at redhat.com>
+- Fix child thread introspection of of /proc/self/exe (rhbz 927469)
+
* Tue Mar 26 2013 Dave Jones <davej at redhat.com>
- Enable CONFIG_DM_CACHE (rhbz 924325)
More information about the scm-commits
mailing list