Date: Mon, 1 Apr 2019 13:35:14 -0700
From: "Darrick J. Wong"
To: Johannes Thumshirn
Cc: Linux Kernel Mailinglist, Linux FSDEVEL Mailinglist
Subject: Re: [PATCH] fs/open: Fix most outstanding security bugs
Message-ID: <20190401203514.GC1177@magnolia>
In-Reply-To: <20190401090113.22946-1-jthumshirn@suse.de>

On Mon, Apr 01, 2019 at 11:01:13AM +0200, Johannes Thumshirn wrote:
> Over the last 20 years, the Linux kernel has accumulated hundreds if not
> thousands of security vulnerabilities.
>
> One common pattern in most of these security related reports is processes
> called "syzkaller", "trinity" or "syz-executor" opening files and then
> abuse kernel interfaces causing kernel crashes or even worse threats using
> memory overwrites or by exploiting race conditions.
>
> Hunting down these bugs has become time consuming and very expensive, so
> I've decided to put an end to it.
>
> If one of the above mentioned processes tries opening a file, return -EPERM
> indicating this process does not have the permission to open files on Linux
> anymore.
>
> Signed-off-by: Johannes Thumshirn
> --- > fs/open.c | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > > diff --git a/fs/open.c b/fs/open.c > index f1c2f855fd43..3a3b460beccd 100644 > --- a/fs/open.c > +++ b/fs/open.c
> @@ -1056,6 +1056,20 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode) > struct open_flags op; > int fd = build_open_flags(flags, mode, &op); > struct filename *tmp; > + char comm[TASK_COMM_LEN]; > + int i; > + static const char * const list[] = { > + "syzkaller", > + "syz-executor," > + "trinity", > + NULL > + }; This makes no sense, why would you gate on "syz-executor,trinity"? > + > + get_task_comm(comm, current); > + > + for (i = 0; i < ARRAY_SIZE(list); i++) > + if (!strncmp(comm, list[i], strlen(list[i]))) > + return -EPERM; This is insufficient, because this isn't the only way to open a file. Wouldn't it be far more effective to use copy_to_user to inject shellcode into the syzkaller image and change the return address, to find all the places where syzbot doesn't validate itself sufficiently? In Soviet Russia, the kernel syzkallz you. NAK. --D > > if (fd) > return fd; > -- > 2.16.4 >
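
Review bot: the loop bound in the added block of do_sys_open() is ARRAY_SIZE(list), which counts the trailing NULL entry, so for any task whose comm matches none of the earlier entries the last iteration passes a NULL pointer to strlen(list[i]) and strncmp(comm, list[i], ...). Either drop the NULL sentinel and keep ARRAY_SIZE(), or keep the sentinel and loop while list[i] is non-NULL. Two further points in the same block: the comma in "syz-executor," sits inside the string literal, so it concatenates with "trinity" into one entry and neither name is matched on its own; and strncmp() bounded by strlen(list[i]) is a prefix match, so any task whose comm merely begins with a listed name is refused as well.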