Re: Ptrace hole / Linux 2.2.25

Alan Cox (alan@lxorguk.ukuu.org.uk)
18 Mar 2003 01:46:41 +0000


On Mon, 2003-03-17 at 18:39, Ben Pfaff wrote:
> I am concerned about this change because it will break sandboxing
> software that I have written, which uses prctl() to turn
> dumpability back on so that it can open a file, setuid(), and
> then execve() through the open file via /proc/self/fd/#. Without
> calling prctl(), the ownership of /proc/self/fd/* becomes root,
> so the process cannot exec it after it drops privileges. It uses
> prctl() in other places to get the same effect in /proc, but
> that's one of the most critical.

The dumpability is per mm, which means that you have to consider
all the cases of a thread being created in parallel to dumpability
being enabled.

So consider a three threaded process. Thread one triggers kernel thread
creation, thread two turns dumpability back on, thread three ptraces
the new kernel thread.

Proving that is safe is non-trivial, so the current patch chooses not
to attempt it. For 2.4.21 proper someone can sit down and do the needed
verification if they wish.
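Ben's sandbox relies on dumpability deciding who owns a task's /proc/self entries; the C program below (added here, not code from the thread or from Ben's sandbox) shows that ownership flipping on a current Linux kernel. It assumes a Linux /proc, stops short of the setuid() and execve() steps (the caller is expected to drop privileges first, and it does not test whether the execve through /proc/self/fd fails on a given kernel version), and uses /dev/null as a stand-in for the sandboxed binary.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Current dumpable flag (0 or 1) of this task, or -1 on error. */
int get_dumpable(void) { return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0); }

/* Sets the flag and returns the state the kernel reports afterwards, or -1. */
int set_dumpable(int on) {
    if (prctl(PR_SET_DUMPABLE, on, 0, 0, 0) != 0) return -1;
    return get_dumpable();
}

/* Owner uid of the /proc/self/fd/<fd> symlink as currently reported, or
 * (uid_t)-1 if it cannot be stat'ed. */
uid_t proc_fd_owner(int fd) {
    char path[64];
    struct stat st;
    snprintf(path, sizeof path, "/proc/self/fd/%d", fd);
    if (lstat(path, &st) != 0) return (uid_t)-1;
    return st.st_uid;
}

/* The step Ben describes between setuid() and execve(): turn dumpability
 * back on so the open fd is reachable via /proc/self/fd under the task's
 * own uid. Assumes the caller already dropped privileges (which clears the
 * flag). Returns 1 if the entry is now owned by the effective uid. */
int reexpose_fd(int fd) {
    if (set_dumpable(1) != 1) return 0;
    return proc_fd_owner(fd) == geteuid();
}

/* End-to-end walk on a throwaway fd standing in for the sandboxed binary.
 * Returns 1 when the toggle and the ownership check both succeed. */
int demo_dumpable_ownership(void) {
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0) return 0;
    int ok = set_dumpable(0) == 0;
    uid_t hidden = proc_fd_owner(fd);   /* root-owned while non-dumpable */
    ok = ok && reexpose_fd(fd);
    printf("fd %d owner: %u while non-dumpable, %u after PR_SET_DUMPABLE (euid %u)\n",
           fd, (unsigned)hidden, (unsigned)proc_fd_owner(fd), (unsigned)geteuid());
    close(fd);
    return ok;
}
```

Run as an unprivileged user to see the owner change from 0 to your own uid; as root both readings are 0.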
