[PATCH 0/6] utrace: security problems
Oleg Nesterov
oleg at redhat.com
Wed Jul 7 22:16:31 UTC 2010
On 07/07, Roland McGrath wrote:
>
> For exec transitions (set-id, file caps, selinux), I'd originally figured
> an engine's report_exec could check for changes and decide to detach itself
> if appropriate.
No, it can't. At this point S_ISUID/S_ISGID exid's were already dropped,
or exec can fail before before tracehook_report_exec().
We probably need new hooks, both in LSM and utrace.
> But it's premature to get into that before we have a bit of an ecosystem of
> different sorts of modules to consider concretely.
Yes, agreed, let's forget this for now.
The only question: do you think the trivial 1st patch is correct? Probably
it makes sense anyway (not now, yes). It would be really nice to avoid
using task->ptrace, this is the only old-ptrace-related member from
task_struct we currently use. I regret I didn't think about this when I
added PT_UTRACED.
Oleg.
More information about the utrace-devel
mailing list