Received: by 2002:a05:7208:9594:b0:7e:5202:c8b4 with SMTP id gs20csp1536101rbb;
        Mon, 26 Feb 2024 12:29:42 -0800 (PST)
X-Forwarded-Encrypted: i=3; AJvYcCX5onzby2y4CTfKkipbyCiLFdUq/qUzbwYScRaZcaOk2IOwOhvL7GEL3WPof66NWA2E+Ng06rXGlPb81A19KKKsfdn80vuShXHY+NipKQ==
X-Google-Smtp-Source: AGHT+IHQLzqglTAxWuzX4A+JCns+JksFluEjJvYPTMP2x876KRERWiXKJIoE9QYh0CZlc8uVCHBd
X-Received: by 2002:a0c:f0d2:0:b0:68f:e924:abf9 with SMTP id d18-20020a0cf0d2000000b0068fe924abf9mr205413qvl.14.1708979382317;
        Mon, 26 Feb 2024 12:29:42 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1708979382; cv=pass;
        d=google.com; s=arc-20160816;
        b=r36yvKfgPug+5G092YPtQBy5PolCYqR3mgM46hA19VNBHPBZm0HOVEAtBSqIqHmElR
         6/iXL5NDtYZWeDEJtNCuHzYOmpEOJU5bOlbpMxyC+tyJXPnoFEjt4M6xrMK1yIP2aHlI
         yre2E9VmrqyMDxSxWzOSFzgkKYrX2aK1fhu4d1ZQl1/jYXEE0kA/56TOBsPMIZrX1ipv
         QkkRMAOvI6lY110y1rJt8eavTAk/h5r1ahLyDvpT5tCBP4KlYxr1w2xo3Dov4FwyX+UA
         m/L3qPPmN8w3TSAMNIMPV8K6uFxmrDGjVq7Txt3vG83GIRQh6+Eol4FoQ7n3DZHy+0b2
         QfCA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe
         :list-id:precedence:dkim-signature;
        bh=tNlbAlWQ1iLJPy/RP5LQxjXWzGeumRLZ8mhf6SEDR2k=;
        fh=EdgatE8TOG/R6kqsVsejYWlg68TPPNtTa1yib+NwRag=;
        b=WCP2s2pVlnXyj84vxsJ9lI/ypZejmJWWGrmH4VWidBo0Selsm8bnQC3Dac4p48m2o0
         +aG5J4UmaMxrRv+d2AX85Xfb7aMQMAfwXVIggp3CiCR5GFmwHGmzGd7ctpl85ttqqrDJ
         5qSo5DanUnOjMEiEwTFfChQqBUHBRruf0R+12uPAzMlHELxZCLEvpuYaD3tPgM1nmF5D
         DB0imHOcPgEdvtgjLgtz29dj+c/ZTfApFMLln9Bvhyg3lJ33Xt1C+IrLzTSZzjIJydA7
         FsdtK2YPfJvobvzr1cG73N9klcI7kTq1qpjV9RuhZJOTiuAPDYZzE60LO5gbPkSAPtSl
         iJmQ==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=kXUH4LYt;
       arc=pass (i=1 spf=pass spfdomain=google.com dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org);
       spf=pass (google.com: domain of linux-kernel+bounces-82289-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-82289-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel+bounces-82289-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1])
        by mx.google.com with ESMTPS id fn4-20020ad45d64000000b0068f2c759131si5917422qvb.2.2024.02.26.12.29.42
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 26 Feb 2024 12:29:42 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-82289-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=kXUH4LYt;
       arc=pass (i=1 spf=pass spfdomain=google.com dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org);
       spf=pass (google.com: domain of linux-kernel+bounces-82289-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-82289-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id 125CE1C23FB2
	for <linux.lists.archive@gmail.com>; Mon, 26 Feb 2024 20:29:42 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id D2023130E41;
	Mon, 26 Feb 2024 20:29:30 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="kXUH4LYt"
Received: from mail-lf1-f47.google.com (mail-lf1-f47.google.com [209.85.167.47])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5817412F588
	for <linux-kernel@vger.kernel.org>; Mon, 26 Feb 2024 20:29:28 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.47
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1708979370; cv=none; b=gHox39/Zk43JKeyD9IfKVkaOJcltLHA0rgPfwcHA2bbuHpc70w4VzowLt4LGCoigEORXXbevg+rfg7v8yjW3d2YCUDDFYavIjWLF2jc0USA0lHbOg4oi3q1e+hpFJ9TWjwYC6FIJSzjdgIFX3KWgRF8xxNuCNnJ/FwTqnvGRelI=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1708979370; c=relaxed/simple;
	bh=QxHMa8tXHRVUnwvw9mD2wDd93p39Q3LXyym88+LBQsg=;
	h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:
	 To:Cc:Content-Type; b=sjRcoJsuser3Fw9vKaLzdBW8BJg8D3dJw04tE8CVtsaaumsDkIZ8XIMA8yJCzahvt3WTBvyTcS0Hnr6gpryP3JeL3oxeQXU1VY10BbLhBNXoyKzyS9uvrXGbi0BQwvy0Y5CBQiqIf0PEyCha7wsg3+SCR/LGmYirF1x+L/Vn3dQ=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=google.com; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=kXUH4LYt; arc=none smtp.client-ip=209.85.167.47
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=google.com
Received: by mail-lf1-f47.google.com with SMTP id 2adb3069b0e04-512f54c81d2so2048499e87.2
        for <linux-kernel@vger.kernel.org>; Mon, 26 Feb 2024 12:29:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google; t=1708979366; x=1709584166; darn=vger.kernel.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=tNlbAlWQ1iLJPy/RP5LQxjXWzGeumRLZ8mhf6SEDR2k=;
        b=kXUH4LYt0O+PcJSbQibj7bUR7GS3p3pHNY+97jePEAWM6mstU1LXPsKaj0lU/+8N7C
         a666jEF++XwzafrndzIg3MCT+lqXplSbXR9Q5dOEtP2fyWl/TmEoEor3dDLM9Xb9UiFG
         a1kxSmGodbTYdmNgGzzjy8k4nVrkFm7FRnGew=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1708979366; x=1709584166;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=tNlbAlWQ1iLJPy/RP5LQxjXWzGeumRLZ8mhf6SEDR2k=;
        b=kK1cC1C4lsG2TEz3Yz7vcCmdonmnn7E1b9efMynrmnHLLVHh/R0YSexPpa05uXBPgA
         woaYw7T/5K6BXX5KOst8KNNDJ5DINArqCSgxo0KB4CjPJcKFd3sA1altXW816j6v5dIr
         M+PUTKbyyDBRDtqYrILYSgqe2AUN0e/WAQNvN9yyDwqaZxxj5N+beZMdzvwDNvleCuFe
         m/tBjCoV5osv8zO4jb0sigS71YDJ/FcXz9GuEZnDlCkhjwzYrVNUpDZwMTKG0LaigYL+
         o3E1mBJ0NYEEJUui1gs3i3DKidC9okfMFs0YookbWXaFOMWgY4PNPM4jTFOL8uhV7kCJ
         A8Lw==
X-Forwarded-Encrypted: i=1; AJvYcCX1Qdnm2It3p+CCenH6+O/6xCoYw9zSNLKAjauRrO2o2EzGjKJkYtLhGC33L5B/7daUjKk5IAkVhg2Bq83jpk08TTxljRFPiHFxOD4Q
X-Gm-Message-State: AOJu0Yx1Km5FN/Bdx4jlH5uxQxhvdlg7JQVlrxL56rCN0z4cknM8iUeR
	UyzVI7iEsfjOf+EMcdI6qPzUuMRdhJNAt5QMcbhakXAqsjmFv3xOH4eNJpa1/YJardsaCbSjEEt
	B/U9Wi8jxqvcHahIs/jkuBo8VJIfyNMlGeTWA
X-Received: by 2002:ac2:5d4f:0:b0:512:a4ce:abaa with SMTP id
 w15-20020ac25d4f000000b00512a4ceabaamr4861210lfd.48.1708979366487; Mon, 26
 Feb 2024 12:29:26 -0800 (PST)
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
References: <20240221210626.155534-1-adrian.ratiu@collabora.com>
 <CAD=FV=WR51_HJA0teHhBKvr90ufzZePVcxdA+iVZqXUK=cYJng@mail.gmail.com>
 <202402261110.B8129C002@keescook> <202402261123.B2A1D0DE@keescook>
In-Reply-To: <202402261123.B2A1D0DE@keescook>
From: Mike Frysinger <vapier@chromium.org>
Date: Mon, 26 Feb 2024 15:28:49 -0500
Message-ID: <CAAbOSckyxGka1vWTpuYwA8eH=17sJbGMUOuCwHs2gE_FPnXG3A@mail.gmail.com>
Subject: Re: [PATCH] proc: allow restricting /proc/pid/mem writes
To: Kees Cook <keescook@chromium.org>
Cc: Adrian Ratiu <adrian.ratiu@collabora.com>, jannh@google.com, 
	Doug Anderson <dianders@chromium.org>, linux-security-module@vger.kernel.org, 
	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, 
	kernel@collabora.com, Guenter Roeck <groeck@chromium.org>, linux-hardening@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

(lemme try this again as plain text)

On Mon, Feb 26, 2024 at 2:24=E2=80=AFPM Kees Cook <keescook@chromium.org> w=
rote:
> On Mon, Feb 26, 2024 at 09:10:54AM -0800, Doug Anderson wrote:
> > On Wed, Feb 21, 2024 at 1:06=E2=80=AFPM Adrian Ratiu <adrian.ratiu@coll=
abora.com> wrote:
> > +     if (ptracer_capable(current, mm->user_ns) &&
>
> It really looks like you're trying to do a form of ptrace_may_access(),
> but _without_ the introspection exception?

to be clear, we want the check to be "ptracer is attached, and the
process attempting the write is the ptracer", not "does the writer
pass ptrace access checks".  the latter opens up more angles,
including shellcode self-modification, that we don't want.  the only
use case we have for writable mem files is for debuggers, and those
should already be attached.
-mike