Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1324236imm; Wed, 26 Sep 2018 15:59:02 -0700 (PDT) X-Google-Smtp-Source: ACcGV60HNvImIOoVYghYgKAyB9X4TPhnTDFu8p0guL3XuMQOg5wf/46VA2nvevdrdSgcoJ+xk+yH X-Received: by 2002:a17:902:b28:: with SMTP id 37-v6mr7945120plq.337.1538002742111; Wed, 26 Sep 2018 15:59:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538002742; cv=none; d=google.com; s=arc-20160816; b=snWKwPuUyFyb7U+VwdzAfrVYQdjZBsEMZeLvCVAW2XJbejdokEyrdRHYZHn2fGKCqj BpmFJe2b2HsjZ/ThefLFLsZmG5aUgHSXHK/QUqBQGR5YuFdGfRYxw1XoI6FH21c9N94G iSk5xL/Os+md0n5KQtS5OFWm52cYxTt5NSzS7RbM59Y+fPTkaDBy+Ob6uhmCbzi0KuIg 3Opsukn/JhfMdCqajZ6K0CHRTdEv2Yv+g3gDcGjZYZ0n7I4FaKrZAK0hBDgkeVuXSmkP ejVN+lNweHf5ESvLgH+SERa0D47inyYb/HMw7k+1zvWg89g4eiRFDdJ9IQkcv+uY4D2W W2hw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=AwtNy1xBli3EEuuEjfCraJEsNp8HIriJJVoIpp9yEBM=; b=IyLPz+faMJyBVX9umz6snxWZfta44BF2ezrhnxmzDzf+TjaSA20zbwqgWPvzMk6RSF dLyUYcxorClGs8YLcDNk6KGT/vU0QTwJzwhJTwkFwqs8+EnRdrn4GxjXEn7BPWcfnRFZ IcmoKi4k6mdHoqbaHIvpQP/3SZZcD4uLYEjw+/CsGSjFBpo9vajz9MvbEQASJWvpZrPA 4nYpQa0TXgpEKOuBOirEm475JA7lXLvviJsPQBDhB8tVs3w68f7T5C260USPfIL1MsdM 6Mni3qIat9h1bYPt2ndL1p40vmY7464l4KIpL8jUlKrhTtdd9vQbZWPJ37btJ+/lHjiQ W26Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=vFvFPlzl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y18-v6si279985pfb.161.2018.09.26.15.58.46; Wed, 26 Sep 2018 15:59:02 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=vFvFPlzl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726631AbeI0FNm (ORCPT + 99 others); Thu, 27 Sep 2018 01:13:42 -0400 Received: from mail-ot1-f66.google.com ([209.85.210.66]:34099 "EHLO mail-ot1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726298AbeI0FNm (ORCPT ); Thu, 27 Sep 2018 01:13:42 -0400 Received: by mail-ot1-f66.google.com with SMTP id i12-v6so700809otl.1 for ; Wed, 26 Sep 2018 15:58:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=AwtNy1xBli3EEuuEjfCraJEsNp8HIriJJVoIpp9yEBM=; b=vFvFPlzlKv+cg2+g+6iLn4ZS7rMOjwIdMBPyDKDlW52wpfbSxHa+H/InrAnBHpSASa s42itjpXB6WZfEf7jBHMSueMMhnNs1uk7hmW35i8flszQwz2NVnLFVecw6AiNAaqe4wi s/Ja47ucnWoy3SLW1D2N9G7NjfQZxaUfC2vmu45kl82bIWe5eX1ydWkmhnI83xApUCP7 GFlL39sQagztednOYi6Gm9udhpQ6RX3nn5bMsBzFdoVUiLXzZyLZOG8my9gRl0LscjLy FC4yPF6c6o8y45AQu1UoQEkVD4uptxSH2O6MTMwfadYNjSxpu4VAmnsKHf+4/XG0vJZ8 r+Kw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=AwtNy1xBli3EEuuEjfCraJEsNp8HIriJJVoIpp9yEBM=; b=nPhzFvIxMmrv0UqiKm05x53lPWY1MNwVZNnL2scfAzYYVR9E3efbSzS+Gs1UXR5df9 yYU4iUc6ioM1bgwO35uE89igJyKg6ja6noB6UCJSS+TEEnjkcKq1bOQj4p3h6agDKKpn lktMY2MdQ+A6w+2bngo7EpPG3R+0W4MR9zFe4NGHSsCok1MQSJsRbAbsZvurVdFJChmI uN9ka5tb2PuITIY1G1swkREH/wMoGBxRycjl2tkPsbVIeS7iEvyE/CthhiEksW7PuNfi xknW7lwu9ACUlNo1B3UqGkUx+P6mH9U0xqob/BPrdjkhLH165Zu+1rBWZqMnWoiP0XFY U+kA== X-Gm-Message-State: ABuFfog/6Zr4y6MhA6Rp2N5MReWh+O3Cm7IEHkr77JV7VK+W4+sj/ASU YOnINUAiypUBe4P5ROXkRZf5soy3N7oFrbWhEV25ag== X-Received: by 2002:a9d:844:: with SMTP id 62-v6mr5234707oty.159.1538002707140; Wed, 26 Sep 2018 15:58:27 -0700 (PDT) MIME-Version: 1.0 References: <20180926203446.2004-1-casey.schaufler@intel.com> <20180926203446.2004-3-casey.schaufler@intel.com> <99FC4B6EFCEFD44486C35F4C281DC673214625EA@ORSMSX107.amr.corp.intel.com> In-Reply-To: <99FC4B6EFCEFD44486C35F4C281DC673214625EA@ORSMSX107.amr.corp.intel.com> From: Jann Horn Date: Thu, 27 Sep 2018 00:58:00 +0200 Message-ID: Subject: Re: [PATCH v5 2/5] Smack: Prepare for PTRACE_MODE_SCHED To: Casey Schaufler , Jiri Kosina Cc: Kernel Hardening , kernel list , linux-security-module , selinux@tycho.nsa.gov, Dave Hansen , deneen.t.dock@intel.com, kristen@linux.intel.com, Arjan van de Ven Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org +Jiri On Thu, Sep 27, 2018 at 12:54 AM Schaufler, Casey wrote: > > -----Original Message----- > > From: Jann Horn [mailto:jannh@google.com] > > Sent: Wednesday, September 26, 2018 2:31 PM > > To: Schaufler, Casey > > Cc: Kernel Hardening ; kernel list > > ; linux-security-module > module@vger.kernel.org>; selinux@tycho.nsa.gov; Hansen, Dave > > ; Dock, Deneen T ; > > kristen@linux.intel.com; Arjan van de Ven > > Subject: Re: [PATCH v5 2/5] Smack: Prepare for PTRACE_MODE_SCHED > > > > On Wed, Sep 26, 2018 at 10:35 PM Casey Schaufler > > wrote: > > > A ptrace access check with mode PTRACE_MODE_SCHED gets called > > > from process switching code. This precludes the use of audit, > > > as the locking is incompatible. Don't do audit in the PTRACE_MODE_SCHED > > > case. > > > > > > Signed-off-by: Casey Schaufler > > > --- > > > security/smack/smack_lsm.c | 3 ++- > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > > > index 340fc30ad85d..ffa95bcab599 100644 > > > --- a/security/smack/smack_lsm.c > > > +++ b/security/smack/smack_lsm.c > > > @@ -422,7 +422,8 @@ static int smk_ptrace_rule_check(struct task_struct > > *tracer, > > > struct task_smack *tsp; > > > struct smack_known *tracer_known; > > > > > > - if ((mode & PTRACE_MODE_NOAUDIT) == 0) { > > > + if ((mode & PTRACE_MODE_NOAUDIT) == 0 && > > > + (mode & PTRACE_MODE_SCHED) == 0) { > > > > If you ORed PTRACE_MODE_NOAUDIT into the flags when calling the > > security hook, you could drop this patch, right? > > Yes. Since the PTRACE_MODE_NOAUDIT was in PTRACE_MODE_IBPB > in Jiri's previous patch set and not in PTRACE_MODE_SCHED in this one > I assumed that there was a good reason for it. Jiri, was there a good reason for it, and if so, what was it?