Re: [PATCH v4] proc: add config & param to block forcing mem writes

Adrian Ratiu adrian.ratiu at collabora.com
Wed Jul 31 13:15:54 UTC 2024


On Wednesday, July 31, 2024 02:18 EEST, Linus Torvalds <torvalds at linux-foundation.org> wrote:

> On Tue, 30 Jul 2024 at 16:09, Jeff Xu <jeffxu at google.com> wrote:
> >
> > > +               task = get_proc_task(file_inode(file));
> > > +               if (task) {
> > > +                       ptrace_active = task->ptrace && task->mm == mm && task->parent == current;
> >
> > Do we need to call "read_lock(&tasklist_lock);" ?
> > see comments in ptrace_check_attach() of  kernel/ptrace.c
> 
> Well, technically I guess the tasklist_lock should be taken.
> 
> Practically speaking, maybe just using READ_ONCE() for these fields
> would really be sufficient.
> 
> Yes, it could "race" with the task exiting or just detaching, but the
> logic would basically be "at one point we were tracing it", and since
> this fundamentally a "one-point" situation (with the actual _accesses_
> happening later anyway), logically that should be sufficient.
> 
> I mean - none of this is about "permissions" per se. We actually did
> the proper *permission* check at open() time regardless of all this
> code. This is more of a further tightening of the rules (ie it has
> gone from "are we allowed to ptrace" to "are we actually actively
> ptracing".
> 
> I suspect that the main difference between the two situations is
> probably (a) one extra step required and (b) whatever extra system
> call security things people might have which may disable an actual
> ptrace() or whatever..

Either approach is fine with me.

Will leave v4 a few days longer in case others have a stronger
opinion or to gather & address more feedback.

If no one objects by then, I'll send v5 with READ_ONCE().




More information about the Linux-security-module-archive mailing list