[SRU,Trusty,0/1] Fix /proc/*/stack permission (LP: #1813001)

Message ID 20190125091919.21414-1-kleber.souza@canonical.com

Message

Kleber Sacilotto de Souza Jan. 25, 2019, 9:19 a.m. UTC
BugLink: https://bugs.launchpad.net/bugs/1813001

[Impact]

The testcase test_095_kernel_symbols_missing_proc_self_stack from
ubuntu_qrt_kernel_security testsuite started to fail with Trusty kernel (3.13)
after the fix for CVE-2018-17972 ("proc: restrict kernel stack dumps to root"),
which prevents a regular user from reading /proc/self/stack.

Kernel: 3.13.0-165.215~precise1
The test failed with:
    AssertionError: cat: /proc/self/stack: Permission denied

FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest)
kernel addresses in /proc/self/stack are zeroed out
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack
self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected)
File "./test-kernel-security.py", line 1209, in _check_pK_files
test_function(expected_restricted)
File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack
expected, retry=True)
File "./test-kernel-security.py", line 1146, in _read_twice
self.assertEqual(rc, 0, regular)
AssertionError: cat: /proc/self/stack: Permission denied

The testcase checks the file permission before trying to read it, and for kernel
3.13 the permissions became inconsistent with what the user can actually do:

$ cat /proc/self/stack
cat: /proc/self/stack: Permission denied
$ ls -l /proc/self/stack
-r--r--r-- 1 ubuntu ubuntu 0 Jan 24 04:06 /proc/self/stack

[Test Case]
Run 'cat' and 'ls' on the file as stated above, or run the
ubuntu_qrt_kernel_security testsuite and check for the results of the
test_095_kernel_symbols_missing_proc_self_stack testcase.

[Fix]
Upstream commit 35a35046e4f9 ("procfs: make /proc/*/{stack,syscall,personality}
0400") applied for v3.15-rc1 fixes the issue.

[Regression Potential]
The upstream fix changes the permissions of the files
/proc/*/{stack,syscall,personality}, so userspace which relies on reading these
files as regular users might fail. However, this fixes a security issue and is
already applied on our later series.

Djalal Harouni (1):
  procfs: make /proc/*/{stack,syscall,personality} 0400

 fs/proc/base.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
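The cover letter's [Impact] and [Test Case] sections boil down to one check: do the permission bits that stat()/ls advertise for /proc/<pid>/{stack,syscall,personality} agree with what a read() of the file actually returns? The script below is an added example, written here for this page; it is not part of the SRU patch, of upstream commit 35a35046e4f9, or of the ubuntu_qrt_kernel_security suite. It assumes a Linux procfs and, by default, inspects the calling process's own files (pid "self"); the classification names ("inconsistent", "fixed", "readable", "unexpected") are this example's own.

```python
"""Added example (not part of the SRU patch or the qrt test suite): compare the
permission bits that stat()/ls advertise for /proc/<pid>/{stack,syscall,personality}
with what a read() actually returns, so the mismatch described in the cover
letter can be spotted on any kernel."""
import errno
import os
import stat

PROC_FILES = ("stack", "syscall", "personality")
FIXED_MODE = 0o400  # mode set by upstream commit 35a35046e4f9


def permission_bits(st_mode: int) -> int:
    """Strip the file-type bits so only what 'ls -l' prints as rwx remains."""
    return stat.S_IMODE(st_mode)


def mode_is_fixed(st_mode: int) -> bool:
    """True when the file carries exactly the 0400 mode of the upstream fix."""
    return permission_bits(st_mode) == FIXED_MODE


def try_read(path: str):
    """Attempt a read; return (True, None) on success or (False, errno name),
    e.g. (False, 'EACCES') for the 'Permission denied' seen in the bug report."""
    try:
        with open(path, "rb") as fh:
            fh.read()
        return True, None
    except OSError as exc:
        return False, errno.errorcode.get(exc.errno, str(exc.errno))


def classify(st_mode: int, read_ok: bool) -> str:
    """Judge whether the advertised mode agrees with the read outcome.

    'inconsistent' is the Trusty symptom from the cover letter: group/other
    read bits are set (-r--r--r--) yet the kernel answers EACCES.
    'fixed' is the state after the 0400 change: nothing is advertised to
    group/other, so a regular user's failed read matches the mode.
    'readable' means the read succeeded (e.g. the auditor ran as root).
    """
    bits = permission_bits(st_mode)
    others_may_read = bool(bits & (stat.S_IRGRP | stat.S_IROTH))
    if others_may_read and not read_ok:
        return "inconsistent"
    if bits == FIXED_MODE and not read_ok:
        return "fixed"
    if read_ok:
        return "readable"
    return "unexpected"


def audit(pid: str = "self") -> dict:
    """Run the comparison over the three files of one process.

    Returns {name: (mode as octal string or None, errno name or None, verdict)}.
    A file that does not exist (older kernel, non-Linux host) is reported as
    'missing' instead of raising."""
    results = {}
    for name in PROC_FILES:
        path = f"/proc/{pid}/{name}"
        try:
            mode = os.stat(path).st_mode
        except OSError as exc:
            results[name] = (None, errno.errorcode.get(exc.errno, str(exc.errno)), "missing")
            continue
        ok, err = try_read(path)
        results[name] = (oct(permission_bits(mode)), err, classify(mode, ok))
    return results


if __name__ == "__main__":
    # Run as a regular user on the kernel under test: a fixed kernel reports
    # mode=0o400 and verdict 'fixed'; the Trusty symptom shows as 0o444/'inconsistent'.
    for name, (mode, err, verdict) in audit().items():
        print(f"/proc/self/{name}: mode={mode} read_error={err} -> {verdict}")
```

Run it as an unprivileged user on the kernel under test; running as root makes every file "readable" and tells you nothing about the regular-user case the bug report is about. Passing a PID other than "self" (for example the PID of a process owned by another user) exercises the same comparison for a file whose owner is not the caller.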

Comments

Po-Hsu Lin Jan. 25, 2019, 10:38 a.m. UTC | #1
Possible regression limited to userspaces, clean cherry-pick.
Thanks for the quick fix.
Acked-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
Thadeu Lima de Souza Cascardo Jan. 25, 2019, 11:10 a.m. UTC | #2
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Khalid Elmously Jan. 27, 2019, 10:17 p.m. UTC | #3
On 2019-01-25 10:19:18, Kleber Souza wrote:
> BugLink: https://bugs.launchpad.net/bugs/1813001
> 
> [Impact]
> 
> The testcase test_095_kernel_symbols_missing_proc_self_stack from
> ubuntu_qrt_kernel_security testsuite started to fail with Trusty kernel (3.13)
> after the fix for CVE-2018-17972 ("proc: restrict kernel stack dumps to root"),
> which prevents a regular user from reading /proc/self/stack.
> 
> Kernel: 3.13.0-165.215~precise1
> The test failed with:
>     AssertionError: cat: /proc/self/stack: Permission denied
> 
> FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest)
> kernel addresses in /proc/self/stack are zeroed out
> ----------------------------------------------------------------------
> Traceback (most recent call last):
> File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack
> self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected)
> File "./test-kernel-security.py", line 1209, in _check_pK_files
> test_function(expected_restricted)
> File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack
> expected, retry=True)
> File "./test-kernel-security.py", line 1146, in _read_twice
> self.assertEqual(rc, 0, regular)
> AssertionError: cat: /proc/self/stack: Permission denied
> 
> The testcase checks the file permission before trying to read it, and for kernel
> 3.13 the permissions became inconsistent with what the user can actually do:
> 
> $ cat /proc/self/stack
> cat: /proc/self/stack: Permission denied
> $ ls -l /proc/self/stack
> -r--r--r-- 1 ubuntu ubuntu 0 Jan 24 04:06 /proc/self/stack
> 
> [Test Case]
> Run 'cat' and 'ls' on the file as stated above, or run the
> ubuntu_qrt_kernel_security testsuite and check for the results of the
> test_095_kernel_symbols_missing_proc_self_stack testcase.
> 
> [Fix]
> Upstream commit 35a35046e4f9 ("procfs: make /proc/*/{stack,syscall,personality}
> 0400") applied for v3.15-rc1 fixes the issue.
> 
> [Regression Potential]
> The upstream fix changes the permissions of the files
> /proc/*/{stack,syscall,personality}, so userspace which relies on reading these
> files as regular users might fail. However, this fixes a security issue and is
> already applied on our later series.
> 
> Djalal Harouni (1):
>   procfs: make /proc/*/{stack,syscall,personality} 0400
> 
>  fs/proc/base.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> -- 
> 2.17.1