Subject: Re: Leaking path for set_task_comm
From: TongZhang
Date: Tue, 25 Sep 2018 20:44:39 -0400
To: Cyrill Gorcunov
Cc: adobriyan@gmail.com, akpm@linux-foundation.org, viro@zeniv.linux.org.uk, LKML, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, Wenbo Shen
Message-Id: <0CD63E6E-7512-4DD6-8858-4408416DC730@vt.edu>
In-Reply-To: <20180925183953.GI15710@uranus>
X-Mailing-List: linux-kernel@vger.kernel.org

Yes, this is exactly what I am saying.

A process can change its own name using prctl or /proc/self/comm. prctl is protected by security_task_prctl, whereas /proc/self/comm is not protected by this LSM hook.

A system admin may expect to use security_task_prctl to block all attempts to change the process name; however, it can still change its name using /proc/self/comm.

> On Sep 25, 2018, at 2:39 PM, Cyrill Gorcunov wrote:
>
> On Tue, Sep 25, 2018 at 01:27:08PM -0400, Tong Zhang wrote:
>> Kernel Version: 4.18.5
>>
>> Problem Description:
>>
>> When using prctl(PR_SET_NAME) to set the thread name, it is checked by security_task_prctl.
>>
>> We discovered a leaking path that can also use method implemented in
>> fs/proc/base.c:1526 comm_write(), to do similar thing without asking LSM’s decision.
>
> I don't understand how it is a problem. Could you please explain?
> procfs/comm is created with S_IRUGO|S_IWUSR permissions. So
> prctl and procfs are simply different interfaces.
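
Added example, not part of the original message or of the kernel sources: a small C program that sets the task name through both interfaces discussed in this thread and reads it back with prctl(PR_GET_NAME), so a policy author can check on a given kernel whether a rule enforced at security_task_prctl also covers the procfs path. The names "via-prctl" and "via-procfs" are constructed, and a single-threaded process is assumed so that /proc/self/comm refers to the calling thread.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <unistd.h>

#define COMM_LEN 16 /* TASK_COMM_LEN: 15 bytes of name plus the NUL */

/* Path 1: prctl(PR_SET_NAME). The prctl syscall consults
 * security_task_prctl before acting, as the thread describes. */
static int set_comm_prctl(const char *name)
{
    return prctl(PR_SET_NAME, (unsigned long)name, 0, 0, 0);
}

/* Path 2: write to /proc/self/comm, which the thread says is handled by
 * comm_write() in fs/proc/base.c. Returns 0 on success, -1 if the file
 * cannot be opened or the write is refused. */
static int set_comm_procfs(const char *name)
{
    int fd = open("/proc/self/comm", O_WRONLY);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, name, strlen(name));
    close(fd);
    return n == (ssize_t)strlen(name) ? 0 : -1;
}

/* Read the name back through prctl so both paths are compared against
 * the same view of the task. buf must hold COMM_LEN bytes. */
static int get_comm(char buf[COMM_LEN])
{
    memset(buf, 0, COMM_LEN);
    return prctl(PR_GET_NAME, (unsigned long)buf, 0, 0, 0);
}

int main(void)
{
    char buf[COMM_LEN];

    if (set_comm_prctl("via-prctl") == 0 && get_comm(buf) == 0)
        printf("after prctl:  %s\n", buf);
    if (set_comm_procfs("via-procfs") != 0)
        printf("procfs write failed or was denied\n");
    else if (get_comm(buf) == 0)
        printf("after procfs: %s\n", buf);
    return 0;
}
```

If the second line of output shows the procfs name while a policy denies PR_SET_NAME, the policy does not cover the /proc/self/comm path on that kernel.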