|
 |
030685d |
Allow threads other than the main thread to do introspection of files in
|
|
|
030685d |
proc without relying on read permissions. proc_pid_follow_link() calls
|
|
|
030685d |
proc_fd_access_allowed() which ultimately calls __ptrace_may_access().
|
|
|
030685d |
|
|
|
030685d |
Though this allows additional access to some proc files, we do not
|
|
|
030685d |
believe that this has any unintended security implications. However it
|
|
|
030685d |
probably needs to be looked at carefully.
|
|
|
030685d |
|
|
|
030685d |
The original problem was a thread of a process whose permissions were
|
|
|
030685d |
111 couldn't open its own /proc/self/exe This was interfering with a
|
|
|
030685d |
special purpose debugging tool. A simple reproducer is below.:
|
|
|
030685d |
|
|
|
030685d |
#include <pthread.h>
|
|
|
030685d |
#include <unistd.h>
|
|
|
030685d |
#include <stdio.h>
|
|
|
030685d |
#include <errno.h>
|
|
|
030685d |
#include <stdlib.h>
|
|
|
030685d |
#include <sys/types.h>
|
|
|
030685d |
|
|
|
030685d |
#define BUFSIZE 2048
|
|
|
030685d |
|
|
|
030685d |
void *thread_main(void *arg){
|
|
|
030685d |
char *str=(char*)arg;
|
|
|
030685d |
char buf[BUFSIZE];
|
|
|
030685d |
ssize_t len=readlink("/proc/self/exe", buf, BUFSIZE);
|
|
|
030685d |
if(len==-1)
|
|
|
030685d |
printf("/proc/self/exe in %s: %s\n", str,sys_errlist[errno]);
|
|
|
030685d |
else
|
|
|
030685d |
printf("/proc/self/exe in %s: OK\n", str);
|
|
|
030685d |
|
|
|
030685d |
return 0;
|
|
|
030685d |
}
|
|
|
030685d |
|
|
|
030685d |
int main(){
|
|
|
030685d |
pthread_t thread;
|
|
|
030685d |
|
|
|
030685d |
int retval=pthread_create( &thread, NULL, thread_main, "thread");
|
|
|
030685d |
if(retval!=0)
|
|
|
030685d |
exit(1);
|
|
|
030685d |
|
|
|
030685d |
thread_main("main");
|
|
|
030685d |
pthread_join(thread, NULL);
|
|
|
030685d |
|
|
|
030685d |
exit(0);
|
|
|
030685d |
}
|
|
|
030685d |
|
|
|
030685d |
Signed-off-by: Ben Woodard <woodard@redhat.com>
|
|
|
030685d |
Signed-off-by: Mark Grondona <mgrondona@llnl.gov>
|
|
|
030685d |
---
|
|
|
030685d |
kernel/ptrace.c | 2 +-
|
|
|
030685d |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
030685d |
|
|
|
030685d |
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
|
|
|
030685d |
index acbd284..347c4c7 100644
|
|
|
030685d |
--- a/kernel/ptrace.c
|
|
|
030685d |
+++ b/kernel/ptrace.c
|
|
|
030685d |
diff -ruNp linux-3.8.4-103.fc17.noarch/kernel/ptrace.c linux-3.8.4-103.fc17.ptrace/kernel/ptrace.c
|
|
|
030685d |
--- linux-3.8.4-103.fc17.noarch/kernel/ptrace.c 2013-02-18 17:58:34.000000000 -0600
|
|
|
030685d |
+++ linux-3.8.4-103.fc17.ptrace/kernel/ptrace.c 2013-03-26 14:59:01.939396346 -0500
|
|
|
030685d |
@@ -234,7 +234,7 @@ static int __ptrace_may_access(struct ta
|
|
|
030685d |
*/
|
|
|
030685d |
int dumpable = 0;
|
|
|
030685d |
/* Don't let security modules deny introspection */
|
|
|
030685d |
- if (task == current)
|
|
|
030685d |
+ if (same_thread_group(task, current))
|
|
|
030685d |
return 0;
|
|
|
030685d |
rcu_read_lock();
|
|
|
030685d |
tcred = __task_cred(task);
|
|
|
030685d |
--
|
|
|
030685d |
1.8.1.4
|
|
|
030685d |
|
|
|
030685d |
--
|
|
|
030685d |
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
|
|
|
030685d |
the body of a message to majordomo@vger.kernel.org
|
|
|
030685d |
More majordomo info at http://vger.kernel.org/majordomo-info.html
|
|
|
030685d |
Please read the FAQ at http://www.tux.org/lkml/
|