From: Dmitry Vyukov
Date: Mon, 1 Apr 2019 19:28:33 +0200
Subject: Re: [PATCH] fs/open: Fix most outstanding security bugs
To: Nikolay Borisov
Cc: Johannes Thumshirn, Linux Kernel Mailinglist, Linux FSDEVEL Mailinglist, stable, syzkaller
References: <20190401090113.22946-1-jthumshirn@suse.de>

On Mon, Apr 1, 2019 at 4:14 PM Nikolay Borisov wrote:
> On 1.04.19 г. 12:01 ч., Johannes Thumshirn wrote:
> > Over the last 20 years, the Linux kernel has accumulated hundreds if not
> > thousands of security vulnerabilities.
> >
> > One common pattern in most of these security related reports is processes
> > called "syzkaller", "trinity" or "syz-executor" opening files and then
> > abusing kernel interfaces causing kernel crashes or even worse threats using
> > memory overwrites or by exploiting race conditions.
> >
> > Hunting down these bugs has become time consuming and very expensive, so
> > I've decided to put an end to it.
> >
> > If one of the above mentioned processes tries opening a file, return -EPERM
> > indicating this process does not have the permission to open files on Linux
> > anymore.
> >
> > Signed-off-by: Johannes Thumshirn
>
> Ack-by: Nikolay Borisov

Reviewed-by: Dmitry Vyukov
Cc: stable@vger.kernel.org # v1.0+

Do we want to extend this to other subsystems? Should it be a default seccomp filter?

> > --- > > fs/open.c | 14 ++++++++++++++ > > 1 file changed, 14 insertions(+) > > > > diff --git a/fs/open.c b/fs/open.c > > index f1c2f855fd43..3a3b460beccd 100644 > > --- a/fs/open.c > > +++ b/fs/open.c > > @@ -1056,6 +1056,20 @@ long do_sys_open(int dfd, const char __user *fil= ename, int flags, umode_t mode) > > struct open_flags op; > > int fd =3D build_open_flags(flags, mode, &op); > > struct filename *tmp; > > + char comm[TASK_COMM_LEN]; > > + int i; > > + static const char * const list[] =3D { > > + "syzkaller", > > + "syz-executor," > > + "trinity", > > + NULL > > + }; > > + > > + get_task_comm(comm, current); > > + > > + for (i =3D 0; i < ARRAY_SIZE(list); i++) > > + if (!strncmp(comm, list[i], strlen(list[i]))) > > + return -EPERM; > > > > if (fd) > > return fd; > >
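
Review bot: the added loop runs while `i < ARRAY_SIZE(list)`, which includes the trailing `NULL` entry, so for every task whose comm matches none of the names the last iteration passes a NULL pointer to `strlen(list[i])` and `strncmp()` inside `do_sys_open()`; either drop the `NULL` sentinel or loop while `list[i]` is non-NULL, not both conventions at once. In the same initializer, `"syz-executor,"` has the comma inside the quotes, so it concatenates with the following literal into the single string `"syz-executor,trinity"` and neither name is ever matched on its own; it should read `"syz-executor",`. Separately, `comm` is a name the task sets for itself, so it is not an identity a permission decision can rest on, which is worth settling before the check is extended to other subsystems as asked above.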