Re: [PATCH v22 04/12] landlock: Add ptrace restrictions

[PATCH v22 00/12] Landlock LSM · Mickaël Salaün <mic@digikod.net> · 2020-10-27
[PATCH v22 03/12] landlock: Set up the security framework and manage credentials · Mickaël Salaün <mic@digikod.net> · 2020-10-27
Re: [PATCH v22 03/12] landlock: Set up the security framework and manage credentials · Jann Horn <jannh@google.com> · 2020-10-29
[PATCH v22 04/12] landlock: Add ptrace restrictions · Mickaël Salaün <mic@digikod.net> · 2020-10-27
Re: [PATCH v22 04/12] landlock: Add ptrace restrictions · Jann Horn <jannh@google.com> · 2020-10-29
[PATCH v22 05/12] LSM: Infrastructure management of the superblock · Mickaël Salaün <mic@digikod.net> · 2020-10-27
Re: [PATCH v22 05/12] LSM: Infrastructure management of the superblock · James Morris <jmorris@namei.org> · 2020-10-29
[PATCH v22 08/12] landlock: Add syscall implementations · Mickaël Salaün <mic@digikod.net> · 2020-10-27
Re: [PATCH v22 08/12] landlock: Add syscall implementations · Jann Horn <jannh@google.com> · 2020-10-29
Re: [PATCH v22 08/12] landlock: Add syscall implementations · Mickaël Salaün <mic@digikod.net> · 2020-10-29
Re: [PATCH v22 08/12] landlock: Add syscall implementations · Jann Horn <jannh@google.com> · 2020-10-30
Re: [PATCH v22 08/12] landlock: Add syscall implementations · Mickaël Salaün <mic@digikod.net> · 2020-10-30
[PATCH v22 12/12] landlock: Add user and kernel documentation · Mickaël Salaün <mic@digikod.net> · 2020-10-27
Re: [PATCH v22 12/12] landlock: Add user and kernel documentation · Jann Horn <jannh@google.com> · 2020-10-29
Re: [PATCH v22 12/12] landlock: Add user and kernel documentation · Mickaël Salaün <mic@digikod.net> · 2020-10-29
[PATCH v22 10/12] selftests/landlock: Add user space tests · Mickaël Salaün <mic@digikod.net> · 2020-10-27
[PATCH v22 07/12] landlock: Support filesystem access-control · Mickaël Salaün <mic@digikod.net> · 2020-10-27
Re: [PATCH v22 07/12] landlock: Support filesystem access-control · Jann Horn <jannh@google.com> · 2020-10-29
Re: [PATCH v22 07/12] landlock: Support filesystem access-control · Mickaël Salaün <mic@digikod.net> · 2020-10-29
Re: [PATCH v22 07/12] landlock: Support filesystem access-control · Mickaël Salaün <mic@digikod.net> · 2020-11-03
[PATCH v22 06/12] fs,security: Add sb_delete hook · Mickaël Salaün <mic@digikod.net> · 2020-10-27
Re: [PATCH v22 06/12] fs,security: Add sb_delete hook · Jann Horn <jannh@google.com> · 2020-10-29
Re: [PATCH v22 06/12] fs,security: Add sb_delete hook · James Morris <jmorris@namei.org> · 2020-10-29
[PATCH v22 11/12] samples/landlock: Add a sandbox manager example · Mickaël Salaün <mic@digikod.net> · 2020-10-27
[PATCH v22 02/12] landlock: Add ruleset and domain management · Mickaël Salaün <mic@digikod.net> · 2020-10-27
Re: [PATCH v22 02/12] landlock: Add ruleset and domain management · Jann Horn <jannh@google.com> · 2020-10-29
Re: [PATCH v22 02/12] landlock: Add ruleset and domain management · Mickaël Salaün <mic@digikod.net> · 2020-10-29
[PATCH v22 09/12] arch: Wire up Landlock syscalls · Mickaël Salaün <mic@digikod.net> · 2020-10-27
Re: [PATCH v22 09/12] arch: Wire up Landlock syscalls · James Morris <jmorris@namei.org> · 2020-10-29
[PATCH v22 01/12] landlock: Add object management · Mickaël Salaün <mic@digikod.net> · 2020-10-27
Re: [PATCH v22 01/12] landlock: Add object management · Jann Horn <jannh@google.com> · 2020-10-29
Re: [PATCH v22 01/12] landlock: Add object management · Mickaël Salaün <mic@digikod.net> · 2020-10-29
Re: [PATCH v22 01/12] landlock: Add object management · Jann Horn <jannh@google.com> · 2020-10-30
Re: [PATCH v22 01/12] landlock: Add object management · Pavel Machek <hidden> · 2020-11-16
Re: [PATCH v22 01/12] landlock: Add object management · Mickaël Salaün <mic@digikod.net> · 2020-11-16
Re: [PATCH v22 00/12] Landlock LSM · Jann Horn <jannh@google.com> · 2020-10-29
Re: [PATCH v22 00/12] Landlock LSM · Mickaël Salaün <mic@digikod.net> · 2020-10-29

From: Jann Horn <jannh@google.com>
Date: 2020-10-29 01:07:22
Also in: linux-api, linux-arch, linux-doc, linux-fsdevel, linux-kselftest, lkml

On Tue, Oct 27, 2020 at 9:04 PM Mickaël Salaün [off-list ref] wrote:

Using ptrace(2) and related debug features on a target process can lead
to a privilege escalation.  Indeed, ptrace(2) can be used by an attacker
to impersonate another task and to remain undetected while performing
malicious activities.  Thanks to  ptrace_may_access(), various part of
the kernel can check if a tracer is more privileged than a tracee.

A landlocked process has fewer privileges than a non-landlocked process
and must then be subject to additional restrictions when manipulating
processes. To be allowed to use ptrace(2) and related syscalls on a
target process, a landlocked process must have a subset of the target
process's rules (i.e. the tracee must be in a sub-domain of the tracer).

Cc: James Morris <jmorris@namei.org>
Cc: Jann Horn <jannh@google.com>
Cc: Kees Cook <redacted>
Cc: Serge E. Hallyn <serge@hallyn.com>
Signed-off-by: Mickaël Salaün <redacted>

Reviewed-by: Jann Horn <jannh@google.com>

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help