On Wed, Sep 04, 2013 at 09:42:34PM +0000, Matthew Garrett wrote:
[ CC kexec fedora list ]
> On Wed, 2013-09-04 at 17:24 -0400, Vivek Goyal wrote:
> Doesn't this:
> + if (!ptraced_by_unsafe_tracer())
> + bprm->cred->proc_signed = true;
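Review bot: nothing in the hunk records what keeps a concurrent ptrace_attach() out of the gap between the check and the store; add a comment above the if, e.g. `/* safe against ptrace_attach(): cred_guard_mutex is held from prepare_bprm_creds() to install_exec_creds() */`, so the locking assumption stays visible if the exec path is reworked.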
> race with this if the attacker is able to run between the check and
> proc_signed being set to true?
I think this should not be a problem. task->signal->cred_guard_mutex
should provide mutual exclusion here.
ptrace_attach()
    mutex_lock_interruptible(&task->signal->cred_guard_mutex)

do_execve_common()
    prepare_bprm_creds()
        mutex_lock_interruptible(&current->signal->cred_guard_mutex);
    search_binary_handler()
        load_elf_binary()
            ptraced_by_unsafe_tracer();
    install_exec_creds()
        mutex_unlock(&current->signal->cred_guard_mutex);
So cred_guard_mutex is held while bprm is being prepared and till it is
installed. I think in that duration, no process can do a fresh
ptrace_attach().
Thanks
Vivek
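The mutual exclusion described in the message above, as an added example that is not part of this thread or of the kernel patch: a user-space C model of the two paths, with cred_guard_mutex reduced to a single-owner lock (taking it while it is held returns -EBUSY, standing for the tracer sleeping until exec drops it) and the attach attempt injected between the check and the store, so the interleaving Matthew asked about happens deterministically. exec_unlocked(), exec_locked(), the window hook and the attack struct are this example's own names, not kernel functions.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Model of task->signal->cred_guard_mutex: a single-owner lock.  The model
 * is single-threaded, so a lock that is already held cannot be waited for;
 * -EBUSY stands for "the caller sleeps until the holder unlocks", i.e. the
 * caller makes no progress inside the window. */
struct cred_guard_mutex { bool held; };

static int mutex_lock_interruptible(struct cred_guard_mutex *m)
{
    if (m->held)
        return -EBUSY;
    m->held = true;
    return 0;
}

static void mutex_unlock(struct cred_guard_mutex *m) { m->held = false; }

struct signal_struct { struct cred_guard_mutex cred_guard_mutex; };

struct task {
    struct signal_struct *signal;
    struct task *ptrace;    /* the tracer, NULL when not traced */
    bool proc_signed;       /* stands in for bprm->cred->proc_signed */
};

/* In this model every tracer counts as unsafe. */
static bool ptraced_by_unsafe_tracer(const struct task *t)
{
    return t->ptrace != NULL;
}

/* Model of ptrace_attach(): records the tracer only after taking the
 * tracee's cred_guard_mutex, as the real one does. */
static int ptrace_attach(struct task *tracer, struct task *tracee)
{
    int rc = mutex_lock_interruptible(&tracee->signal->cred_guard_mutex);
    if (rc)
        return rc;
    tracee->ptrace = tracer;
    mutex_unlock(&tracee->signal->cred_guard_mutex);
    return 0;
}

/* Hook run between the check and the store: it stands for the scheduler
 * letting another task (a would-be tracer) run at exactly that point. */
typedef void (*window_hook)(void *arg);
typedef bool (*exec_fn)(struct task *t, window_hook hook, void *arg);

/* The interleaving Matthew asked about: check and store with nothing held. */
static bool exec_unlocked(struct task *t, window_hook hook, void *arg)
{
    bool untraced = !ptraced_by_unsafe_tracer(t);   /* check */
    if (hook)
        hook(arg);                                   /* tracer runs here */
    if (untraced)
        t->proc_signed = true;                       /* store */
    return t->proc_signed;
}

/* What the call trace in the message describes: the mutex is taken in
 * prepare_bprm_creds() and released in install_exec_creds(), so the ptrace
 * state seen by the check cannot change before the store. */
static bool exec_locked(struct task *t, window_hook hook, void *arg)
{
    if (mutex_lock_interruptible(&t->signal->cred_guard_mutex)) /* prepare_bprm_creds() */
        return false;
    bool untraced = !ptraced_by_unsafe_tracer(t);                /* load_elf_binary() */
    if (hook)
        hook(arg);
    if (untraced)
        t->proc_signed = true;
    mutex_unlock(&t->signal->cred_guard_mutex);                  /* install_exec_creds() */
    return t->proc_signed;
}

struct attack { struct task *tracer, *tracee; int rc; };

static void attach_in_window(void *arg)
{
    struct attack *a = arg;
    a->rc = ptrace_attach(a->tracer, a->tracee);
}

/* Run one exec under attack.  Returns true on the bad outcome: the task is
 * marked proc_signed although a tracer attached before the store. */
static bool signed_while_traced(exec_fn fn)
{
    struct signal_struct sig = { .cred_guard_mutex = { .held = false } };
    struct task tracee = { .signal = &sig, .ptrace = NULL, .proc_signed = false };
    struct task tracer = { .signal = NULL, .ptrace = NULL, .proc_signed = false };
    struct attack a = { .tracer = &tracer, .tracee = &tracee, .rc = 0 };
    bool got_signed = fn(&tracee, attach_in_window, &a);
    return got_signed && tracee.ptrace != NULL;
}

int main(void)
{
    printf("unlocked exec: signed while traced = %d\n", signed_while_traced(exec_unlocked));
    printf("locked exec:   signed while traced = %d\n", signed_while_traced(exec_locked));
    return 0;
}
```

Run as is, the unlocked variant ends with proc_signed set on a task that now has a tracer; the locked variant never does, because the attach cannot take the mutex until install_exec_creds() releases it. The model says nothing about a tracer attaching after exec has finished; that is outside the window this message is about.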