On 06/20/2016 08:37 PM, Andy Lutomirski wrote: > On Mon, Jun 20, 2016 at 9:29 AM, Andy Lutomirski <l...@kernel.org> wrote: >> Setting TS_COMPAT in ptrace is wrong: if we happen to do it during >> syscall entry, then we'll confuse seccomp and audit. (The former >> isn't a security problem: seccomp is currently entirely insecure if a >> malicious ptracer is attached.) As a minimal fix, this patch adds a >> new flag TS_I386_REGS_POKED that handles the ptrace special case. >> >> Cc: Pedro Alves <pal...@redhat.com> >> Cc: Oleg Nesterov <o...@redhat.com> >> Cc: Kees Cook <keesc...@chromium.org> >> Signed-off-by: Andy Lutomirski <l...@kernel.org> > > In case you're interested, my draft followup (definitely not for x86/urgent) > is: > > https://git.kernel.org/cgit/linux/kernel/git/luto/linux.git/commit/?h=x86/vmap_stack&id=50d2f2a9fe1b > > Pedro, this appears to pass ptrace-tests. I need to try the 64-vs-32 > thing, but it's intended to fix it for real.
Awesome, thanks much for working on this! Thanks, Pedro Alves
