Re: [PATCH 2/2] taskstats: restrict access to user
From: Balbir Singh
Date: Thu Jul 07 2011 - 07:53:44 EST
On Thu, Jul 7, 2011 at 2:25 PM, Vasiliy Kulikov <segoon@xxxxxxxxxxxx> wrote:
> On Mon, Jul 04, 2011 at 21:45 +0400, Vasiliy Kulikov wrote:
>> The already known danger is these io fields.
>
> Two more things:
>
> 1) unblocking netlink socket on task exit is a rather useful help to win
> different races. E.g. if the vulnerable program has the code -
>
> wait(NULL);
> do_smth_racy();
>
> - then the attacker's task listening for the taskstats event will be
> effectively woken up just before the racy code. It might greatly
> increase the chances to win the race => to exploit the bug.
> (The same defect exists in inotify.)
>
I don't see why taskstats is singled out, please look at proc
notifiers as well. I don't buy this use case, what are we trying to
save here and why is taskstats responsible, because it notifies?
>
> 2) taskstats gives the task information at the precisely specific moment
> - task death. So, the attacker shouldn't guess whether some event
> occurred or not. The formula of gotten information is _exactly_ task
> activity during the life. On the contrary, getting the same information
> from procfs files might result in some inaccuracy because of measuring
> time inaccuracy (scheduler's variability, different disks' load, etc.).
>
> Of course, (2) makes sense only if some sensible information is still
> available through taskstats.
Again this makes no sense to me, at the end we send accumulated data
and that data can be read from /proc/$pid (mostly). The race is that
while I go off to read the data the process might disappear taking all
of its data with it, which is what taskstats tries to solve among
other things. Your use case has a lot of hand waving, which I frankly
cannot put to a logical place in my mind.
Balbir Singh
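The listener described in point 1 above, as an added example that is not code from this thread or from the kernel tree: a minimal taskstats exit listener in the style of Documentation/accounting/getdelays.c. It registers for exit notifications on CPU 0 with TASKSTATS_CMD_ATTR_REGISTER_CPUMASK and then blocks in recv() until the kernel delivers a TASKSTATS_CMD_NEW message for a dying task, which is the wake-up the message treats as a race aid; the struct taskstats payload also carries the read_bytes/write_bytes counters point 2 refers to. It assumes a Linux host with CONFIG_TASKSTATS and a caller the kernel still allows to register (which is what the patch under discussion is about); the family id 0x17 and the counter values in sample_roundtrip() are constructed for the offline parse check, not captured from a kernel. Thread-group aggregates (TASKSTATS_TYPE_AGGR_TGID) are ignored.

```c
/* Added example (not from this thread or the kernel tree): a minimal taskstats exit
 * listener in the style of getdelays.c; prints what the kernel sends when a task dies. */
#include <linux/genetlink.h>
#include <linux/netlink.h>
#include <linux/taskstats.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define GENLMSG_DATA(glh) ((void *)((char *)NLMSG_DATA(glh) + GENL_HDRLEN))
#define GENLMSG_PAYLOAD(glh) (NLMSG_PAYLOAD(glh, 0) - GENL_HDRLEN)
#define NLA_DATA(na) ((void *)((char *)(na) + NLA_HDRLEN))
struct msg { struct nlmsghdr n; struct genlmsghdr g; char buf[4096]; };

static void init_msg(struct msg *m, __u16 family, __u8 cmd)
{
    memset(m, 0, sizeof(*m));
    m->n.nlmsg_len = NLMSG_LENGTH(GENL_HDRLEN);
    m->n.nlmsg_type = family; m->n.nlmsg_flags = NLM_F_REQUEST;
    m->g.cmd = cmd; m->g.version = 1;
}
/* Append one attribute at the end of the message; len 0 opens a nest closed by the caller. */
static struct nlattr *put_attr(struct msg *m, int type, const void *data, int len)
{
    struct nlattr *na = (struct nlattr *)((char *)m + NLMSG_ALIGN(m->n.nlmsg_len));
    na->nla_type = type;
    na->nla_len = NLA_HDRLEN + len;
    if (len) memcpy(NLA_DATA(na), data, len);
    m->n.nlmsg_len = NLMSG_ALIGN(m->n.nlmsg_len) + NLA_ALIGN(na->nla_len);
    return na;
}
/* Scan [base, base+len) for attribute `want`; NULL if absent or malformed. */
static const struct nlattr *find_attr(const void *base, int len, int want)
{
    for (int off = 0; off + NLA_HDRLEN <= len; ) {
        const struct nlattr *na = (const struct nlattr *)((const char *)base + off);
        if (na->nla_len < NLA_HDRLEN) return NULL;   /* never spin on a zero length */
        if ((na->nla_type & NLA_TYPE_MASK) == want) return na;
        off += NLA_ALIGN(na->nla_len);
    }
    return NULL;
}

/* An exit notification carries TASKSTATS_TYPE_AGGR_PID nesting TASKSTATS_TYPE_PID and
 * TASKSTATS_TYPE_STATS (struct taskstats). Returns 1 and fills pid/ts, else 0. */
int parse_exit_msg(const struct msg *m, __u32 *pid, struct taskstats *ts)
{
    const struct nlattr *aggr, *a;
    if (!(aggr = find_attr(GENLMSG_DATA(&m->n), GENLMSG_PAYLOAD(&m->n), TASKSTATS_TYPE_AGGR_PID))) return 0;
    if (!(a = find_attr(NLA_DATA(aggr), aggr->nla_len - NLA_HDRLEN, TASKSTATS_TYPE_PID))) return 0;
    memcpy(pid, NLA_DATA(a), sizeof(*pid));
    if (!(a = find_attr(NLA_DATA(aggr), aggr->nla_len - NLA_HDRLEN, TASKSTATS_TYPE_STATS))) return 0;
    size_t n = a->nla_len - NLA_HDRLEN;      /* a newer kernel may send a larger struct */
    memset(ts, 0, sizeof(*ts));
    memcpy(ts, NLA_DATA(a), n < sizeof(*ts) ? n : sizeof(*ts));
    return 1;
}
/* Constructed exit notification (not captured from a kernel) for `pid` with the given I/O
 * counters, run through the parser: returns the parsed pid, or 0 on any mismatch. */
__u32 sample_roundtrip(__u32 pid, __u64 rb, __u64 wb)
{
    struct taskstats ts = { .version = TASKSTATS_VERSION, .read_bytes = rb, .write_bytes = wb };
    struct msg m; struct nlattr *aggr; __u32 got = 0;
    init_msg(&m, 0x17, TASKSTATS_CMD_NEW);      /* 0x17: arbitrary family id for the sample */
    aggr = put_attr(&m, TASKSTATS_TYPE_AGGR_PID, NULL, 0);
    put_attr(&m, TASKSTATS_TYPE_PID, &pid, sizeof(pid));
    put_attr(&m, TASKSTATS_TYPE_STATS, &ts, sizeof(ts));
    aggr->nla_len = (char *)&m + m.n.nlmsg_len - (char *)aggr;   /* close the nest */
    return parse_exit_msg(&m, &got, &ts) && ts.read_bytes == rb && ts.write_bytes == wb ? got : 0;
}

static int get_family_id(int sock)
{
    struct msg req, rep; const struct nlattr *na; __u16 id;
    init_msg(&req, GENL_ID_CTRL, CTRL_CMD_GETFAMILY);
    put_attr(&req, CTRL_ATTR_FAMILY_NAME, TASKSTATS_GENL_NAME, sizeof(TASKSTATS_GENL_NAME));
    if (send(sock, &req, req.n.nlmsg_len, 0) < 0 || recv(sock, &rep, sizeof(rep), 0) < 0) return -1;
    if (rep.n.nlmsg_type == NLMSG_ERROR) return -1;
    if (!(na = find_attr(GENLMSG_DATA(&rep.n), GENLMSG_PAYLOAD(&rep.n), CTRL_ATTR_FAMILY_ID))) return -1;
    memcpy(&id, NLA_DATA(na), sizeof(id));
    return id;
}

int main(void)
{
    struct sockaddr_nl local = { .nl_family = AF_NETLINK };
    struct msg req, rep; struct taskstats ts; __u32 pid; int family;
    int sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC);
    if (sock < 0 || bind(sock, (struct sockaddr *)&local, sizeof(local)) < 0) { perror("netlink"); return 1; }
    if ((family = get_family_id(sock)) < 0) { fprintf(stderr, "taskstats family not found\n"); return 1; }
    init_msg(&req, family, TASKSTATS_CMD_GET);
    put_attr(&req, TASKSTATS_CMD_ATTR_REGISTER_CPUMASK, "0", 2);  /* cpumask is a string */
    if (send(sock, &req, req.n.nlmsg_len, 0) < 0) { perror("register"); return 1; }
    for (;;) {
        if (recv(sock, &rep, sizeof(rep), 0) < 0 || rep.n.nlmsg_type == NLMSG_ERROR) { perror("recv"); return 1; }
        if (parse_exit_msg(&rep, &pid, &ts))     /* woken exactly when the task dies */
            printf("exit pid=%u comm=%s read=%llu write=%llu\n", pid, ts.ac_comm,
                   (unsigned long long)ts.read_bytes, (unsigned long long)ts.write_bytes);
    }
}
```

Build with `cc -o tslisten tslisten.c` and run it while a task exits on CPU 0 (e.g. `taskset -c 0 true` in another shell); a kernel that rejects the registration returns an NLMSG_ERROR reply, which the loop reports and exits on. The per-message parse is kept separate from the socket code so it can be checked against a constructed notification without a kernel.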