From: Jann Horn <jann@thejh.net>
To: security@kernel.org, Alexander Viro <viro@zeniv.linux.org.uk>,
Paul Moore <paul@paul-moore.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
Eric Paris <eparis@parisplace.org>,
James Morris <james.l.morris@oracle.com>,
"Serge E. Hallyn" <serge@hallyn.com>
Cc: Nick Kralevich <nnk@google.com>,
Janis Danisevskis <jdanis@google.com>,
linux-security-module@vger.kernel.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org
Subject: [PATCH v2 0/3] fix SELinux W^X bypass via ptrace
Date: Thu, 29 Sep 2016 00:54:38 +0200 [thread overview]
Message-ID: <1475103281-7989-1-git-send-email-jann@thejh.net> (raw)
This fixes a bypass of SELinux' W^X protection via ptrace.
For more details, see the commit messages of patches 2/3 and 3/3.
Jann Horn (3):
fs/exec: don't force writing memory access
mm: add LSM hook for writes to readonly memory
selinux: require EXECMEM for forced ptrace poke
drivers/gpu/drm/etnaviv/etnaviv_gem.c | 3 +-
drivers/gpu/drm/i915/i915_gem_userptr.c | 2 +-
drivers/infiniband/core/umem_odp.c | 4 +-
fs/exec.c | 4 +-
fs/proc/base.c | 68 +++++++++++++++++++++-------
fs/proc/internal.h | 4 +-
fs/proc/task_mmu.c | 4 +-
fs/proc/task_nommu.c | 2 +-
include/linux/lsm_hooks.h | 9 ++++
include/linux/mm.h | 12 ++++-
include/linux/sched.h | 4 +-
include/linux/security.h | 10 +++++
kernel/events/uprobes.c | 6 ++-
kernel/fork.c | 6 ++-
mm/gup.c | 80 +++++++++++++++++++++++++--------
mm/memory.c | 22 ++++++---
mm/nommu.c | 22 +++++----
mm/process_vm_access.c | 8 ++--
security/security.c | 8 ++++
security/selinux/hooks.c | 15 +++++++
security/tomoyo/domain.c | 2 +-
virt/kvm/async_pf.c | 3 +-
virt/kvm/kvm_main.c | 9 ++--
23 files changed, 230 insertions(+), 77 deletions(-)
--
2.1.4
next reply other threads:[~2016-09-28 22:54 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-28 22:54 Jann Horn [this message]
2016-09-28 22:54 ` [PATCH v2 1/3] fs/exec: don't force writing memory access Jann Horn
2016-09-29 16:09 ` Oleg Nesterov
2016-09-28 22:54 ` [PATCH v2 2/3] mm: add LSM hook for writes to readonly memory Jann Horn
2016-09-28 23:22 ` Andy Lutomirski
2016-09-28 23:32 ` Jann Horn
2016-09-28 23:44 ` Jann Horn
2016-11-03 2:25 ` Jann Horn
2016-09-29 6:25 ` Ingo Molnar
2016-09-28 22:54 ` [PATCH v2 3/3] selinux: require EXECMEM for forced ptrace poke Jann Horn
2016-09-29 6:19 ` Ingo Molnar
2016-09-29 16:38 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1475103281-7989-1-git-send-email-jann@thejh.net \
--to=jann@thejh.net \
--cc=eparis@parisplace.org \
--cc=james.l.morris@oracle.com \
--cc=jdanis@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-security-module@vger.kernel.org \
--cc=nnk@google.com \
--cc=paul@paul-moore.com \
--cc=sds@tycho.nsa.gov \
--cc=security@kernel.org \
--cc=serge@hallyn.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox