Date: Wed, 26 Sep 2018 23:39:03 +0100
From: Alan Cox
To: "Theodore Y. Ts'o"
Cc: TongZhang, Cyrill Gorcunov, adobriyan@gmail.com, akpm@linux-foundation.org, viro@zeniv.linux.org.uk
Subject: Re: Leaking path for set_task_comm
Message-ID: <20180926233903.38fb598a@alans-desktop>
In-Reply-To: <20180926031645.GB3321@thunk.org>
Organization: Intel Corporation
X-Mailing-List: linux-kernel@vger.kernel.org

> Trying to depend on task name for anything security sensitive is a
> _really_ bad idea, so it seems unlikely that a LSM would want to
> protect the process name. (And if they did, the first thing I would
> ask is "Why? What are you trying to do? Do you realize how many
> *other* ways the process name can be spoofed or otherwise controlled
> by a potentially malicious user?")

Two processes that should not be able to otherwise communicate can keep
changing their name to a chunk of data, waiting for an ack flag name
change back.

Alan
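
A defender-side view of the channel described in the reply above, as an added example that is not part of the original message: a process that uses its name as a data channel has to rewrite it repeatedly, so a monitor that samples `/proc/<pid>/comm` can flag PIDs with an unusual number of name changes in a short window. The sample observations, the thresholds and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed samples: (seconds, pid, comm) as a poller reading
# /proc/<pid>/comm might record them. PID 812 renames once (an exec);
# PID 4100 alternates between data-like names and "ack".
SAMPLES = [
    (0.0, 812, "bash"), (0.0, 4100, "worker"),
    (0.5, 4100, "d:4f2a91c07be3"),
    (1.0, 812, "bash"), (1.0, 4100, "ack"),
    (1.5, 4100, "d:88e1035ad9f2"),
    (2.0, 812, "bash"), (2.0, 4100, "ack"),
    (2.5, 4100, "d:0c77b1e4a6d0"),
    (3.0, 812, "vim"), (3.0, 4100, "worker"),
    (4.0, 812, "vim"),
]


def comm_changes(samples):
    """Return {pid: [timestamps where comm differed from the previous sample]}."""
    last = {}
    changes = defaultdict(list)
    for ts, pid, comm in sorted(samples):
        if pid in last and last[pid] != comm:
            changes[pid].append(ts)
        last[pid] = comm
    return changes


def flag_name_churn(samples, max_changes=3, window=5.0):
    """Flag PIDs with more than max_changes renames inside any `window` seconds.

    Returns {pid: highest rename count seen in one window}. Polling only sees
    the name at sample time, so the count is a lower bound on real renames.
    """
    flagged = {}
    for pid, stamps in comm_changes(samples).items():
        start = worst = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            worst = max(worst, end - start + 1)
        if worst > max_changes:
            flagged[pid] = worst
    return flagged


if __name__ == "__main__":
    print(flag_name_churn(SAMPLES))
```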