Thread (44 messages) 44 messages, 4 authors, 2021-03-25

Re: [PATCH v30 04/12] landlock: Add ptrace restrictions

From: Kees Cook <hidden>
Date: 2021-03-19 18:47:02
Also in: linux-api, linux-arch, linux-fsdevel, linux-kselftest, linux-security-module, lkml

On Tue, Mar 16, 2021 at 09:42:44PM +0100, Mickaël Salaün wrote:
From: Mickaël Salaün <redacted>

Using ptrace(2) and related debug features on a target process can lead
to a privilege escalation.  Indeed, ptrace(2) can be used by an attacker
to impersonate another task and to remain undetected while performing
malicious activities.  Thanks to  ptrace_may_access(), various part of
the kernel can check if a tracer is more privileged than a tracee.

A landlocked process has fewer privileges than a non-landlocked process
and must then be subject to additional restrictions when manipulating
processes. To be allowed to use ptrace(2) and related syscalls on a
target process, a landlocked process must have a subset of the target
process's rules (i.e. the tracee must be in a sub-domain of the tracer).

Cc: James Morris <jmorris@namei.org>
Cc: Kees Cook <redacted>
Signed-off-by: Mickaël Salaün <redacted>
Reviewed-by: Kees Cook <redacted>

-- 
Kees Cook
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help