Re: [PATCH] getrusage sucks

[David Wagner]

Claudio Scordino  wrote:
>So, is the following patch right ? I've added both the lock and the owner 
>check...

I think this patch is too permissive.  It lets me run a setuid-root
program and then call getrusage() on it.  That's not a good idea.
(I might, say, run /bin/su and then mount a timing or cache side-channel
attacks on its password hashing code.  That particular example might or
might not work, but I hope it illustrates my concern.)

Should you be using the same permission check that ptrace() does?
ptrace() is more restrictive than what you seemed to have in mind.
However, if ptrace() lets you attach to a process, then it's probably
pretty safe to let you call getrusage(), as you could have just used
ptrace() to read the process's entire memory image.

kernel/ptrace.c:ptrace_may_attach() might be relevant.

TOCTTOU vulnerabilities could be a problem.  If I understand correctly,
your locking code should take care of this, but you might want to
double-check, as I'm not very familiar with the kernel's locking scheme.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/