| View previous topic :: View next topic |
| Author |
Message |
tholin
Apprentice
Joined: 04 Oct 2008
Posts: 207
|
 Posted: Tue Jun 13, 2017 10:29 am Post subject: |
 |
|
| Zucca wrote: | | ... wait? You have this problem with 4.9.x? The bug was supposedly introduced at 4.11... |
According to that mail to the stable list:
| Quote: | | Enlightenment is broken in 4.11 and possibly other kernels where commit 64b875f7ac8a ("ptrace: Capture the ptracer's creds not PT_PTRACE_CAP") is backported to. |
Patch 64b875f7ac8a was introduced in 4.10-rc1 and backported to 4.9.1, 4.4.40 and 4.1.39.
But Greg Kroah-Hartman express some doubt.
| Quote: | | Has no one noticed it being broken on 4.10? That's where that commit showed up, it seems odd we haven't had a bug report until now, right? |
|
|
| Back to top |
|
 |
costel78
Guru
Joined: 20 Apr 2007
Posts: 407
|
| Posted: Tue Jun 13, 2017 3:25 pm Post subject: |
|
|
Hmmm, that's odd. The bug was introduced in 4.11, as far I understand, read the date on responsible patch.
4.11.4 with the following patch solve everything:
| Code: | Date: Mon, 22 May 2017 16:04:48 -0500
Subject: [PATCH] ptrace: Properly initialize ptracer_cred on fork
Message-ID: <877f18txfz.fsf_-_@xmission.com>
Patch-mainline: Submitted, LKML
References: bsc#1040041
When I introduced ptracer_cred I failed to consider the weirdness of
fork where the task_struct copies the old value by default. This
winds up leaving ptracer_cred set even when a process forks and
the child process does not wind up being ptraced.
Because ptracer_cred is not set on non-ptraced processes whose
parents were ptraced this has broken the ability of the enlightenment
window manager to start setuid children.
Fix this by properly initializing ptracer_cred in ptrace_init_task
This must be done with a little bit of care to preserve the current value
of ptracer_cred when ptrace carries through fork. Re-reading the
ptracer_cred from the ptracing process at this point is inconsistent
with how PT_PTRACE_CAP has been maintained all of these years.
Fixes: 64b875f7ac8a ("ptrace: Capture the ptracer's creds not PT_PTRACE_CAP")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
include/linux/ptrace.h | 7 +++++--
kernel/ptrace.c | 20 +++++++++++++-------
2 files changed, 18 insertions(+), 9 deletions(-)
--- a/include/linux/ptrace.h
+++ b/include/linux/ptrace.h
@@ -54,7 +54,8 @@ extern int ptrace_request(struct task_st
unsigned long addr, unsigned long data);
extern void ptrace_notify(int exit_code);
extern void __ptrace_link(struct task_struct *child,
- struct task_struct *new_parent);
+ struct task_struct *new_parent,
+ const struct cred *ptracer_cred);
extern void __ptrace_unlink(struct task_struct *child);
extern void exit_ptrace(struct task_struct *tracer, struct list_head *dead);
#define PTRACE_MODE_READ 0x01
@@ -206,7 +207,7 @@ static inline void ptrace_init_task(stru
if (unlikely(ptrace) && current->ptrace) {
child->ptrace = current->ptrace;
- __ptrace_link(child, current->parent);
+ __ptrace_link(child, current->parent, current->ptracer_cred);
if (child->ptrace & PT_SEIZED)
task_set_jobctl_pending(child, JOBCTL_TRAP_STOP);
@@ -215,6 +216,8 @@ static inline void ptrace_init_task(stru
set_tsk_thread_flag(child, TIF_SIGPENDING);
}
+ else
+ child->ptracer_cred = NULL;
}
/**
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -60,19 +60,25 @@ int ptrace_access_vm(struct task_struct
}
+void __ptrace_link(struct task_struct *child, struct task_struct *new_parent,
+ const struct cred *ptracer_cred)
+{
+ BUG_ON(!list_empty(&child->ptrace_entry));
+ list_add(&child->ptrace_entry, &new_parent->ptraced);
+ child->parent = new_parent;
+ child->ptracer_cred = get_cred(ptracer_cred);
+}
+
/*
* ptrace a task: make the debugger its new parent and
* move it to the ptrace list.
*
* Must be called with the tasklist lock write-held.
*/
-void __ptrace_link(struct task_struct *child, struct task_struct *new_parent)
+static void ptrace_link(struct task_struct *child, struct task_struct *new_parent)
{
- BUG_ON(!list_empty(&child->ptrace_entry));
- list_add(&child->ptrace_entry, &new_parent->ptraced);
- child->parent = new_parent;
rcu_read_lock();
- child->ptracer_cred = get_cred(__task_cred(new_parent));
+ __ptrace_link(child, new_parent, __task_cred(new_parent));
rcu_read_unlock();
}
@@ -386,7 +392,7 @@ static int ptrace_attach(struct task_str
flags |= PT_SEIZED;
task->ptrace = flags;
- __ptrace_link(task, current);
+ ptrace_link(task, current);
/* SEIZE doesn't trap tracee on attach */
if (!seize)
@@ -459,7 +465,7 @@ static int ptrace_traceme(void)
*/
if (!ret && !(current->real_parent->flags & PF_EXITING)) {
current->ptrace = PT_PTRACED;
- __ptrace_link(current, current->real_parent);
+ ptrace_link(current, current->real_parent);
}
}
write_unlock_irq(&tasklist_lock);
|
_________________
Sorry for my English. I'm still learning this language. |
|
| Back to top |
|
|
Jack Krauser
Apprentice
Joined: 19 Jan 2011
Posts: 211
|
| Posted: Tue Jun 13, 2017 9:51 pm Post subject: |
|
|
| tholin wrote: | | The kernel got a strict don't break userspace rule. It doesn't matter how broken userspace programs are, if they stop working because of a kernel change it's the kernel's fault (with some exceptions) |
I've installed gnome in a new installation and systemd was installed. With that comment I found a solution in the systemd wiki and I could fix the problem --> https://wiki.gentoo.org/wiki/Systemd.
Before I've installed gnome I have not this problem. My system was working without configure kernel options about systemd, this was the only problem that I found.
Thanks for your answers  |
|
| Back to top |
|
|
costel78
Guru
Joined: 20 Apr 2007
Posts: 407
|
| Posted: Thu Jun 15, 2017 1:58 pm Post subject: |
|
|
This issue has been fixed in linux kernel 4.11.5 by commit ff6c1649b4a15065474adc9b2590ba20c0a62238 ("ptrace: Properly initialize ptracer_cred on fork").
Thank you, all!
_________________
Sorry for my English. I'm still learning this language. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Kernel & Hardware
