11-12-2009, 10:28 AM
Andy Whitcroft

UBUNTU: SAUCE: AppArmor: Fix oops there is no tracer and doing unsafe transition.

On Tue, Nov 10, 2009 at 10:29:13AM -0800, John Johansen wrote:
> BugLink: http://bugs.launchpad.net/bugs/480112
>
> SRU Justification: This bug can cause confined process to oops at address 0.
> This can occur when executing a process if the LSM_UNSAFE_PTRACE |
> LSM_UNSAFE_PTRACE_CAP flags are set. The likelihood of if/how often this
> will occur depends on if ptrace is being used.
>
> As reported by Tetsuo Handa on kernel-team mailing list:
>
> In aa_may_change_ptraced_domain, if (!tracer) cred == NULL, and
> put_cred(cred) will oops. This will only happen on exec if the task
> is marked as LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP, so should
> only happen to ptraced tasks that are confined.
>
> Fix this by returning directly from aa_may_change_ptrace_domain if
> there is no tracer.
>
> Signed-off-by: John Johansen <john.johansen@canonical.com>
> ---
> ubuntu/apparmor/domain.c | 4 ++++
> 1 files changed, 4 insertions(+), 0 deletions(-)
>
> diff --git a/ubuntu/apparmor/domain.c b/ubuntu/apparmor/domain.c
> index fe89ddc..12e45c6 100644
> --- a/ubuntu/apparmor/domain.c
> +++ b/ubuntu/apparmor/domain.c
> @@ -64,6 +64,10 @@ static int aa_may_change_ptraced_domain(struct task_struct *task,
> cred = aa_get_task_policy(tracer, &tracerp);
> rcu_read_unlock();
>
> + /* not ptraced */
> + if (!tracer)
> + return 0;
> +
> if (!tracerp)
> goto out;
>
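Review bot: the added `if (!tracer) return 0;` test sits after `cred = aa_get_task_policy(tracer, &tracerp);` has already been called with the same pointer, so a NULL tracer still reaches that call before it is checked. Either move the test ahead of the call (keeping `rcu_read_unlock()` on that path) or extend the `/* not ptraced */` comment to say the helper is safe to call with NULL. The early return also bypasses the `out` path that the `if (!tracerp) goto out;` line uses, so the release the commit message names, `put_cred(cred)`, stays unguarded there; a NULL test on `cred` at the point of release would keep the guard next to what it protects.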
> --
> 1.6.3.3

Hrm, now perhaps this is fixing the concern I raised in the previous
patch. Perhaps it would be safer to simply make the put_cred()
incantation instead?

	if (cred)
		put_cred(cred);

-apw

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team

11-12-2009, 10:36 AM
Andy Whitcroft

UBUNTU: SAUCE: AppArmor: Fix oops there is no tracer and doing unsafe transition.

On Thu, Nov 12, 2009 at 11:28:10AM +0000, Andy Whitcroft wrote:

> Hrm, now perhaps this is fixing the concern I raised in the previous
> patch. Perhaps it would be safer to simply make the put_cred()
> incantation instead?
>
> 	if (cred)
> 		put_cred(cred);

I guess I _am_ happy that the current form would address the concern and
so in that sense:

Acked-by: Andy Whitcroft <apw@canonical.com>

I would suggest considering a more bulletproof approach as above for
your mainline efforts as it's clearer that cred can only be released if
non-null, and it's safer against further change in the function.

-apw
