From: Casey Schaufler
To: kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, casey.schaufler@intel.com, dave.hansen@intel.com, deneen.t.dock@intel.com, kristen@linux.intel.com, arjan@linux.intel.com
Subject: [PATCH v5 3/5] SELinux: Prepare for PTRACE_MODE_SCHED
Date: Wed, 26 Sep 2018 13:34:44 -0700
Message-Id: <20180926203446.2004-4-casey.schaufler@intel.com>
In-Reply-To: <20180926203446.2004-1-casey.schaufler@intel.com>
References: <20180926203446.2004-1-casey.schaufler@intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

A ptrace access check with mode PTRACE_MODE_SCHED gets called from process switching code. This precludes the use of audit or avc, as the locking is incompatible. The only available check that can be made without using avc is a comparison of the secids. This is not very satisfactory as it will indicate possible vulnerabilities much too aggressively.

Signed-off-by: Casey Schaufler
---
 security/selinux/hooks.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index ad9a9b8e9979..160239791007 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2267,6 +2267,8 @@ static int selinux_ptrace_access_check(struct task_struct *child, u32 sid = current_sid(); u32 csid = task_sid(child); + if (mode & PTRACE_MODE_SCHED) + return sid == csid ? 0 : -EACCES; if (mode & PTRACE_MODE_READ) return avc_has_perm(&selinux_state, sid, csid, SECCLASS_FILE, FILE__READ, NULL); -- 2.17.1
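Review bot: the new PTRACE_MODE_SCHED branch in selinux_ptrace_access_check() carries none of the rationale that the commit message gives for it; a reader of hooks.c sees a bare `if (mode & PTRACE_MODE_SCHED) return sid == csid ? 0 : -EACCES;` sitting directly above the avc_has_perm() path and has no way to know that avc and audit must not be called from the context-switch path because of the lock ordering. Please add a short comment above the test stating that this mode is invoked from the scheduler, that avc/audit cannot be used there, and that a plain SID comparison is therefore the only check available, so that nobody later "fixes" it by routing it through avc_has_perm(). Two further points worth stating in that comment or the changelog: first, because this test is placed before the PTRACE_MODE_READ test, any mode value with the SCHED bit set never reaches the policy-based check at all, so the code silently assumes callers pass PTRACE_MODE_SCHED on its own; if that is the contract, say so. Second, the SID comparison denies whenever the two contexts differ, including pairs that policy would explicitly allow to ptrace one another, so the result is a conservative (fail-closed) signal rather than a policy decision, which is exactly the "much too aggressively" behaviour the changelog acknowledges; a comment makes clear that this is intended and that the distinction is by design rather than an oversight. The return value of -EACCES matches what avc_has_perm() would produce on denial, so callers treating the two paths uniformly are fine.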