Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp4355397yba; Wed, 17 Apr 2019 09:43:31 -0700 (PDT) X-Google-Smtp-Source: APXvYqy4fKvB1anavJwZDVSdpIzbD6dOpdqiUW//kE/t9vdn9iYVRI9x5rpXi2hP/bwH2mywqs4u X-Received: by 2002:a62:292:: with SMTP id 140mr91485714pfc.206.1555519411871; Wed, 17 Apr 2019 09:43:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555519411; cv=none; d=google.com; s=arc-20160816; b=AGfIfvglkgwx8DJDVuXoyq0zD1gz8m9a+PRJr7BPePFa27hwfJMI6S1KIdXq3iddpX 724YMPXS/7j/ZxH9t+wvdiHA3Yx09Q7HF/O9O19K3zdephXRCPRUJQqLOEiFfSVlGZKI sNoqVddSyJBtA8drqRjS6AZ4wv8Jq2KU7MTpR28x8Or8ScwnSxlHwyO1c3tQb81DjIRe hNTytzoSXab9CXeqh3hSWvrnl/xsOK+UUKNO2taUjUmPlYmS71dyrLfLwPZaGbab4BiE FwAFaE9bXl0J9marnInWy6uO9NLVQ63D7HXC/JAJIyz5U3ytZ2rgtvUL34MJDa1KhOVo FnKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=3MM2CWsG+1KZRItt9dOySsdZCX9P8oSLNsyZBeCppkY=; b=sF34PqZq6Yy7ydmk0bBCfxKAN8N2iaLNcgNpmrtV/0iYImuL2GqDj/s2qIrfrHakEc 2mA60xM3lvxdSJPkb6vvaskxRS3MUwi+R9FoccenQWXLiVhSvBhIF+oGwPj+rjeP9yyT TXmuq6CQGTjajl5hlXkV1BctrznZSyg7HKtsnGTQshQPxcN9O+g/ROTllC+kCFrRwyfX myBUmL2uM7AFW5fXmlkiDHqXEDIFTUrce1Ll/rEiFPhGCYkkibvi5K5jkalimuWHGu+L Hi7NIshzcRRFU/I2SC5OPzr4yqS/4ieLUbBHP0lm/dAEy3uArThkMMoXIXFvkN/u6Xyq Gqzg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@yahoo.com header.s=s2048 header.b="dhwxYMe/"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y12si51756503plp.47.2019.04.17.09.43.17; Wed, 17 Apr 2019 09:43:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@yahoo.com header.s=s2048 header.b="dhwxYMe/"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732879AbfDQQmR (ORCPT + 99 others); Wed, 17 Apr 2019 12:42:17 -0400 Received: from sonic313-21.consmr.mail.bf2.yahoo.com ([74.6.133.195]:38290 "EHLO sonic313-21.consmr.mail.bf2.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732476AbfDQQmQ (ORCPT ); Wed, 17 Apr 2019 12:42:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1555519334; bh=3MM2CWsG+1KZRItt9dOySsdZCX9P8oSLNsyZBeCppkY=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=dhwxYMe/fWjUCSTCdw2AIWWaJWlbA6Flo+q1btTqFPC+OcthqRw+dGgYRtdAtxX9I9xDdpcaArGzhAacD9s1cOXDRbE0xREUUCZHdebSkbbDeiq3GOUULngJJ60n6307gtVEy67W9VEZhdFBKEi1QXPBXd1AU76sFyl+VStdTH9i0oyKM+ers/ayZOG1Ju8/7jhTqZwUDljGOs7HTWfH6aO+4d+ffYuclowIx+j4RTCZJQwb2A2kRCbricB83RHH65EG6+1IUWlH/yewJgEJXsGXJ4VkqfclQ9v+pdWTTzJytWJNk7z3rPPgBNO/5PJrsoqb4uW5X8yXDZ94EEMp0Q== X-YMail-OSG: K.6GFc0VM1neswhz_haptv_iiR9K5VoKZAPX0yN8uXKjWPnOLTONSKvQ0Mn_YsP HoA3Zg8hzAXK18DPM_zyPUMZOj7S6Pzn75nABZeQM6N7f.bjZfn.2sjWQD_ES83bwW7XQoK9Lnk5 36jOXpiYteMVbMQJgvTYo2CLYuTUXf1Jv_4zTmatAOkE_dfolIR1yhXBaLl0jD1d3f5KECE0iC3n beYuxI3n.q474NSfnLrAR8UNSOalHtfnAYTNZ9haWRMzi4s_2hCcUU3msHiTBRgouPUvQ8_NHvvd W1Ejv.9UMZYb2PXlOb6FCmExvCzsmEiBAQmpafsTsrEPY8LyP3N0JyCCGuqMf06TV.D8aWEGA.wH O8GFI1c5BoL_CzAOT0qplVVC.hALu3a3Uw4kdfKdpOKnMug1I3hQ5IUNgjGgjz_w9ZwfY.prBBZV P4e34u0hm7Q6A6efeTiolGh3k2yQCOyCekS0b0dPVvRqNqtxueAAQQfEDzCrI3c_5bheZBT8c4hz 1T07NCuhf3PXhqDdG4td8bI.NmhNM9rLVpY.q.JUB5hoTuOrXf2E_n4C4XBvJZu9rZFsJJSg8GTZ ZzcT75hiVElgWHZFgXq9aHXk29gf.QTvBfvuXMUbHWxJifuZjW2jvPBBFDfmDqNm.w2o5Fozqgk2 PmMGzIQuOkvjVBzI82zQP3SAqpFVpU0gHw_2G.vKe99t.xnw0ljRNp70ixlCbY2MOa4L8bAUJYYF ujTasSnMHJ9wJMiaKT3Mk0kZnT01.5IaYdJ9udw4L8rjYpZgqtczI7Gf_sAVJMz0dGFB_Y6cIWog a7BdFz6EPTJxe3_r7oPhV_9KWeJdLtXPna3bDrdQK2LcuIL7Ly_ixoYdZAiSZ45U7ecoAdYFDf2Q 520zsc3tOBEi3wD.cNEYsLDVZRgAjUxZZQ0cgJY2_sWCqmRADpZT8N8VvAW4PmB9Gb3HFX1uLirG XS.Kay4SeDHb46ykVWLrPDEkkwDeFsGFGC6zGAP0jbOHWng5ST1egesDhUK4OA2WcrfZYh_jEg6V _PErPOO_QR8bLw5mYUYyTuL1AEvUGO4DqSZQTr3ag_TCYvBZ0maPg5CWaHijgNJjy6j.vfgqM0_k 2h93U16lBlR7XaqxGpfBxQmNu4A-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic313.consmr.mail.bf2.yahoo.com with HTTP; Wed, 17 Apr 2019 16:42:14 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.103]) ([67.169.65.224]) by smtp412.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 1f1ffef23e024c3542d30848c732eedf; Wed, 17 Apr 2019 16:42:13 +0000 (UTC) Subject: Re: kernel BUG at kernel/cred.c:434! To: Oleg Nesterov , Paul Moore Cc: "chengjian (D)" , Kees Cook , NeilBrown , Anna Schumaker , "linux-kernel@vger.kernel.org" , Al Viro , "Xiexiuqi (Xie XiuQi)" , Li Bin , Jason Yan , Peter Zijlstra , Ingo Molnar , Linux Security Module list , SELinux , Yang Yingliang , casey@schaufler-ca.com References: <20190415134331.GC22204@redhat.com> <20190415150520.GA13257@redhat.com> <20190417145711.GI32622@redhat.com> <20190417162723.GK32622@redhat.com> From: Casey Schaufler Message-ID: <939a45a6-fc1b-0ac3-759b-0e7c3ce3d670@schaufler-ca.com> Date: Wed, 17 Apr 2019 09:42:11 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 In-Reply-To: <20190417162723.GK32622@redhat.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 4/17/2019 9:27 AM, Oleg Nesterov wrote: > On 04/17, Paul Moore wrote: >> On Wed, Apr 17, 2019 at 10:57 AM Oleg Nesterov wrote: >>> On 04/17, Paul Moore wrote: >>>> I'm tempted to simply return an error in selinux_setprocattr() if >>>> the task's credentials are not the same as its real_cred; >>> What about other modules? I have no idea what smack_setprocattr() is, >>> but it too does prepare_creds/commit creds. >>> >>> it seems that the simplest workaround should simply add the additional >>> cred == real_cred into proc_pid_attr_write(). >> Yes, that is simple, but I worry about what other LSMs might want to >> do. While I believe failing if the effective creds are not the same >> as the real_creds is okay for SELinux (possibly Smack too), I worry >> about what other LSMs may want to do. After all, >> proc_pid_attr_write() doesn't change the the creds itself, that is >> something the specific LSMs do. > Yes, but if proc_pid_attr_write() is called with cred != real_cred then > something is already wrong? > > In fact, I think that something is already wrong if it is not called by > user-space directly. Too late to ask, but why is this /proc/self/attr/ > magic not implemented via syscall(s) ? Shell scripts, for one thing. It's a straightforward and appropriate use of the /proc interface. System calls would require additional change to existing programs, whereas using the /proc interface allows a good deal to be done in the containing scripts.