From: ebiederm@xmission.com (Eric W. Biederman)
To: Alan Cox
Cc: Benny Amorsen, Bryan Donlan, "Serge E. Hallyn", Michael Stone, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-security-module@vger.kernel.org, Andi Kleen, David Lang, Oliver Hartkopp, Herbert Xu, Valdis Kletnieks, Evgeniy Polyakov, "C. Scott Ananian", James Morris, Bernie Innocenti, Mark Seaborn, Randy Dunlap, Américo Wang, Tetsuo Handa, Samir Bellabes, Casey Schaufler, Pavel Machek, Al Viro
Subject: Re: RFC: disablenetwork facility. (v4)
Date: Tue, 29 Dec 2009 13:29:06 -0800

Alan Cox writes:

>> > Execute != read. The executable file may contain secrets which must not
>> > be available to the user running the setuid program. If you fail the
>> > setuid, the user will be able to ptrace() and then the secret is
>> > revealed.
>> >
>> > It's amazing how many security holes appear from what seems like a very
>> > simple request.
>>
>> Do we have a security hole in nosuid mount option?
>> Can someone write a patch to fix it?
>
> If a setuid app can read a key when it's erroneously not set setuid then
> the user can read it too.
>
> Anything you can do with ptrace you can do yourself !

Now that I think about it this is really something completely separate
from setuid. This is about being able to read the text segment with
ptrace when you only have execute permissions on the file.

I just skimmed through fs/exec.c and we set the undumpable process flag
in that case so ptrace should not work in that case.

So short of a bug in the implementation we have no security hole.

Eric