[REVIEW][PATCH 0/3] Fixing ptrace vs exec vs userns interactions
From: Eric W. Biederman
Date: Thu Nov 17 2016 - 12:07:45 EST
With everyone heading to Kernel Summit and Plumbers I put this set of
patches down temporarily. Now is the time to take it back up and to
make certain I am not missing something stupid in this set of patches.
There are other issues in this area as well, but these are the pieces
that I can see clearly, and have tested fixes for.
Andy as to your criticism about using strace sudo I can't possibly see
how that is effective or useful. Under strace sudo won't run as root
today, and will immediately exit because it is not root. Furthermore
the only place I can find non-readable executables is people hardening
suid root executables so they are more difficult to trace. So I
definitely think we should honor the unix permissions and people's
expressed wishes.
Eric W. Biederman (3):
ptrace: Capture the ptracer's creds not PT_PTRACE_CAP
exec: Don't allow ptracing an exec of an unreadable file
exec: Ensure mm->user_ns contains the execed files
fs/exec.c | 26 +++++++++++++++++++++++---
include/linux/capability.h | 2 ++
include/linux/ptrace.h | 1 -
include/linux/sched.h | 1 +
kernel/capability.c | 36 ++++++++++++++++++++++++++++++++++--
kernel/ptrace.c | 12 +++++++-----
6 files changed, 67 insertions(+), 11 deletions(-)