Current phrasing is ambiguous since it's unclear if attaching to a
children through PTRACE_TRACEME requires CAP_SYS_PTRACE. Rephrase the
sentence to make that clear.
Signed-off-by: Yves-Alexis Perez <[email protected]>
---
Documentation/admin-guide/LSM/Yama.rst | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Documentation/admin-guide/LSM/Yama.rst b/Documentation/admin-guide/LSM/Yama.rst
index 13468ea696b7..d0a060de3973 100644
--- a/Documentation/admin-guide/LSM/Yama.rst
+++ b/Documentation/admin-guide/LSM/Yama.rst
@@ -64,8 +64,8 @@ The sysctl settings (writable only with ``CAP_SYS_PTRACE``) are:
Using ``PTRACE_TRACEME`` is unchanged.
2 - admin-only attach:
- only processes with ``CAP_SYS_PTRACE`` may use ptrace
- with ``PTRACE_ATTACH``, or through children calling ``PTRACE_TRACEME``.
+ only processes with ``CAP_SYS_PTRACE`` may use ptrace, either with
+ ``PTRACE_ATTACH`` or through children calling ``PTRACE_TRACEME``.
3 - no attach:
no processes may use ptrace with ``PTRACE_ATTACH`` nor via
--
2.19.0
--
Yves-Alexis
On Tue, Oct 2, 2018 at 1:47 PM, Yves-Alexis Perez <[email protected]> wrote:
> Current phrasing is ambiguous since it's unclear if attaching to a
> children through PTRACE_TRACEME requires CAP_SYS_PTRACE. Rephrase the
> sentence to make that clear.
>
> Signed-off-by: Yves-Alexis Perez <[email protected]>
Thanks! Yes, this makes things more clear.
Acked-by: Kees Cook <[email protected]>
Jon, can you take this in your tree?
-Kees
> ---
> Documentation/admin-guide/LSM/Yama.rst | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/Documentation/admin-guide/LSM/Yama.rst b/Documentation/admin-guide/LSM/Yama.rst
> index 13468ea696b7..d0a060de3973 100644
> --- a/Documentation/admin-guide/LSM/Yama.rst
> +++ b/Documentation/admin-guide/LSM/Yama.rst
> @@ -64,8 +64,8 @@ The sysctl settings (writable only with ``CAP_SYS_PTRACE``) are:
> Using ``PTRACE_TRACEME`` is unchanged.
>
> 2 - admin-only attach:
> - only processes with ``CAP_SYS_PTRACE`` may use ptrace
> - with ``PTRACE_ATTACH``, or through children calling ``PTRACE_TRACEME``.
> + only processes with ``CAP_SYS_PTRACE`` may use ptrace, either with
> + ``PTRACE_ATTACH`` or through children calling ``PTRACE_TRACEME``.
>
> 3 - no attach:
> no processes may use ptrace with ``PTRACE_ATTACH`` nor via
> --
> 2.19.0
>
>
> --
> Yves-Alexis
--
Kees Cook
Pixel Security
On Tue, Oct 02, 2018 at 10:47:23PM +0200, Yves-Alexis Perez wrote:
> Current phrasing is ambiguous since it's unclear if attaching to a
> children through PTRACE_TRACEME requires CAP_SYS_PTRACE. Rephrase the
> sentence to make that clear.
I disagree that your sentence makes that clear. How about:
> 2 - admin-only attach:
> - only processes with ``CAP_SYS_PTRACE`` may use ptrace
> - with ``PTRACE_ATTACH``, or through children calling ``PTRACE_TRACEME``.
> + only processes with ``CAP_SYS_PTRACE`` may use ptrace, either with
> + ``PTRACE_ATTACH`` or through children calling ``PTRACE_TRACEME``.
+ only processes with ``CAP_SYS_PTRACE`` may use ptrace. This
+ restricts both ``PTRACE_ATTACH`` and ``PTRACE_TRACEME``.
On Tue, Oct 2, 2018 at 1:52 PM, Matthew Wilcox <[email protected]> wrote:
> On Tue, Oct 02, 2018 at 10:47:23PM +0200, Yves-Alexis Perez wrote:
>> Current phrasing is ambiguous since it's unclear if attaching to a
>> children through PTRACE_TRACEME requires CAP_SYS_PTRACE. Rephrase the
>> sentence to make that clear.
>
> I disagree that your sentence makes that clear. How about:
>
>> 2 - admin-only attach:
>> - only processes with ``CAP_SYS_PTRACE`` may use ptrace
>> - with ``PTRACE_ATTACH``, or through children calling ``PTRACE_TRACEME``.
>> + only processes with ``CAP_SYS_PTRACE`` may use ptrace, either with
>> + ``PTRACE_ATTACH`` or through children calling ``PTRACE_TRACEME``.
>
> + only processes with ``CAP_SYS_PTRACE`` may use ptrace. This
> + restricts both ``PTRACE_ATTACH`` and ``PTRACE_TRACEME``.
PTRACE_TRACEME is done by the child, not the process with
CAP_SYS_PTRACE, so I still think the Yves-Alexis's is clearer. But if
other agree, I'm fine with it. :)
-Kees
--
Kees Cook
Pixel Security
On Tue, 2018-10-02 at 13:52 -0700, Matthew Wilcox wrote:
> On Tue, Oct 02, 2018 at 10:47:23PM +0200, Yves-Alexis Perez wrote:
> > Current phrasing is ambiguous since it's unclear if attaching to a
> > children through PTRACE_TRACEME requires CAP_SYS_PTRACE. Rephrase the
> > sentence to make that clear.
>
> I disagree that your sentence makes that clear. How about:
>
> > 2 - admin-only attach:
> > - only processes with ``CAP_SYS_PTRACE`` may use ptrace
> > - with ``PTRACE_ATTACH``, or through children calling
> > ``PTRACE_TRACEME``.
> > + only processes with ``CAP_SYS_PTRACE`` may use ptrace, either with
> > + ``PTRACE_ATTACH`` or through children calling ``PTRACE_TRACEME``.
>
> + only processes with ``CAP_SYS_PTRACE`` may use ptrace. This
> + restricts both ``PTRACE_ATTACH`` and ``PTRACE_TRACEME``.
Hi Matthew,
I'm no native speaker, both versions are fine by me but I liked keeping the
“children calling” part since the semantics are quite different for
PTRACE_ATTACH and PTRACE_TRACEME.
Regards,
--
Yves-Alexis
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Tue, 2018-10-02 at 23:08 +0200, Yves-Alexis Perez wrote:
> On Tue, 2018-10-02 at 13:52 -0700, Matthew Wilcox wrote:
> > On Tue, Oct 02, 2018 at 10:47:23PM +0200, Yves-Alexis Perez wrote:
> > > Current phrasing is ambiguous since it's unclear if attaching to a
> > > children through PTRACE_TRACEME requires CAP_SYS_PTRACE. Rephrase the
> > > sentence to make that clear.
> >
> > I disagree that your sentence makes that clear. How about:
> >
> > > 2 - admin-only attach:
> > > - only processes with ``CAP_SYS_PTRACE`` may use ptrace
> > > - with ``PTRACE_ATTACH``, or through children calling
> > > ``PTRACE_TRACEME``.
> > > + only processes with ``CAP_SYS_PTRACE`` may use ptrace, either with
> > > + ``PTRACE_ATTACH`` or through children calling ``PTRACE_TRACEME``.
> >
> > + only processes with ``CAP_SYS_PTRACE`` may use ptrace. This
> > + restricts both ``PTRACE_ATTACH`` and ``PTRACE_TRACEME``.
>
> Hi Matthew,
>
> I'm no native speaker, both versions are fine by me but I liked keeping the
> “children calling” part since the semantics are quite different for
> PTRACE_ATTACH and PTRACE_TRACEME.
>
Hi Kees, Matthew,
so what's the status on this? Who needs to acknowledge one wording or another?
Regards,
- --
Yves-Alexis
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlu5ydIACgkQ3rYcyPpX
RFt7oAgAued/FsFiGvk6U/RG3JEj5p5aRu6harAXqK/Mw8n1gEu0nGvZvFJn31eY
fcU8quTtbmiNR2oYrAxjri2dhVd2JLsKDZU1bhpcKk33jDOzhUjeKnJgLGY38Z01
5idfKSy0CEZ0FvYvpt7gOm3loFlbM0au9JgFszVwFM8Yartr5vH1mPlZUwGbrroH
RORqAkwVI+g8iK1vqq9fdCf9J5mwcYu0DR8STvP8Nx12zEDNeiCShvXDNNt5VKg3
BHVNPHvE8uKaZmlyYt1oy9ZKjjcHn6veVkKEKFRz/TVc+q/Z7G1cORzVb7GzIPGj
9GoIZP2+Wi+7KUqUYQnHZSfujd5BzQ==
=jfBM
-----END PGP SIGNATURE-----
On Tue, 2 Oct 2018 13:52:32 -0700
Kees Cook <[email protected]> wrote:
> On Tue, Oct 2, 2018 at 1:47 PM, Yves-Alexis Perez <[email protected]> wrote:
> > Current phrasing is ambiguous since it's unclear if attaching to a
> > children through PTRACE_TRACEME requires CAP_SYS_PTRACE. Rephrase the
> > sentence to make that clear.
> >
> > Signed-off-by: Yves-Alexis Perez <[email protected]>
>
> Thanks! Yes, this makes things more clear.
>
> Acked-by: Kees Cook <[email protected]>
>
> Jon, can you take this in your tree?
Applied, thanks.
jon