Re: [PATCH v3 1/3] x86/ptrace: Stop setting TS_COMPAT in ptrace code

[Andy Lutomirski]

On Mon, Jul 25, 2016 at 9:57 AM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
> On Jul 24, 2016 11:38 PM, "Ingo Molnar" <mingo@xxxxxxxxxx> wrote:
>>
>>
>> * Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
>>
>> > On Mon, Jun 20, 2016 at 4:39 PM, Andy Lutomirski <luto@xxxxxxxxxx> wrote:
>> > > Setting TS_COMPAT in ptrace is wrong: if we happen to do it during
>> > > syscall entry, then we'll confuse seccomp and audit.  (The former
>> > > isn't a security problem: seccomp is currently entirely insecure if a
>> > > malicious ptracer is attached.)  As a minimal fix, this patch adds a
>> > > new flag TS_I386_REGS_POKED that handles the ptrace special case.
>> >
>> > Hi Ingo-
>> >
>> > Could you apply this one patch for 4.8?  While I don't think it's a
>> > significant security issue in 4.7 or earlier, leaving it unfixed in
>> > 4.8 will introduce a potentially unpleasant interaction with some
>> > seccomp changes that are queued up in the
>> > security tree for 4.8.
>> >
>> > It will have a trivially-resolvable conflict with -mm.
>> >
>> > The rest of the series this is in can wait.
>>
>> I don't mind the rest of the series either - could you please repost it (with the
>> review feedback addressed)?
>
> I'm nervous about it for a couple reasons involving the fact that it's
> user visible.
>
> 1. It doesn't make gdb work right in all the cases that gdb currently
> gets wrong.  I haven't had time to think about whether there's a
> minimal tweak that would fix this.

After re-reading the whole thread, I think that the rest of the series
needs a good self-test to make sure that we're providing whatever
behavior we think we're providing.  So I really don't what to apply it
yet.

--Andy