Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756762AbdLVXOb (ORCPT ); Fri, 22 Dec 2017 18:14:31 -0500 Received: from mail-ua0-f176.google.com ([209.85.217.176]:36405 "EHLO mail-ua0-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752207AbdLVXO2 (ORCPT ); Fri, 22 Dec 2017 18:14:28 -0500 X-Google-Smtp-Source: ACJfBotspXAXtYT4fTUzFWP4aAgl41AisMnYTmNeZ6cfjd96CwaNS7/aPI3f6siIybovDXSFg03rgfm3USo7ANsLHHI= MIME-Version: 1.0 In-Reply-To: <20171222155536.502c0a53@zooty> References: <20171221091811.5bbb47db@tomh> <20171222155536.502c0a53@zooty> From: Kees Cook Date: Fri, 22 Dec 2017 15:14:25 -0800 X-Google-Sender-Auth: FQYSz6V4mbpNoWm39Yfq6uvgjRA Message-ID: Subject: Re: ptrace versus setuid changes in 4.14? To: Tom Horsley Cc: Laura Abbott , LKML , David Howells , Serge Hallyn , James Morris Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 879 Lines: 28 On Fri, Dec 22, 2017 at 12:55 PM, Tom Horsley wrote: > On Fri, 22 Dec 2017 12:28:25 -0800 > Laura Abbott wrote: > >> Assuming this is https://bugzilla.redhat.com/show_bug.cgi?id=1528633 >> This is yet another victim of >> >> commit e37fdb785a5f95ecadf43b773c97f676500ac7b8 (refs/bisect/bad) >> Author: Kees Cook >> Date: Tue Jul 18 15:25:31 2017 -0700 >> >> exec: Use secureexec for setting dumpability > > You mean there is hope this really is a bug and not a security > enhancement? Amazing :-). > > And yes, that is the bugzilla I submitted after I reduced > things to a small test program. I think the secureexec dumpability logic just needs to be removed -- the logic in commit_creds() _should_ be sufficient, but I want to double-check it now that I've got some more tests cases. -Kees -- Kees Cook Pixel Security