headers
Natanael Copa | 10 Oct 2007 10:20
Picon
Gravatar

ptrace denied returns unintialized value?

Hi,

I'm looking at the grsecurity-2.1.11-2.6.22.9-200709280630.patch

I have a question about this hunk:

diff -urNp linux-2.6.22.9/arch/alpha/kernel/ptrace.c linux-2.6.22.9/arch/alpha/kernel/ptrace.c
--- linux-2.6.22.9/arch/alpha/kernel/ptrace.c   2007-08-09 17:28:15.000000000 -0400
+++ linux-2.6.22.9/arch/alpha/kernel/ptrace.c   2007-08-10 07:48:12.000000000 -0400
 <at>  <at>  -15,6 +15,7  <at>  <at> 
 #include <linux/slab.h>
 #include <linux/security.h>
 #include <linux/signal.h>
+#include <linux/grsecurity.h>

 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
 <at>  <at>  -283,6 +284,9  <at>  <at>  do_sys_ptrace(long request, long pid, lo
                goto out_notsk;
        }

+       if (gr_handle_ptrace(child, request))
+               goto out;
+
        if (request == PTRACE_ATTACH) {
                ret = ptrace_attach(child);
                goto out;

It looks to me that it might return an unintiliaized value of "ret". Shouldn't it be:
(Continue reading)

Permalink | Reply | 1 comment |
headers
Brad Spengler | 10 Oct 2007 23:11
Favicon

Re: ptrace denied returns unintialized value?

> It looks to me that it might return an unintiliaized value of "ret". 
> Shouldn't it be:

Thanks for spotting it.  Your fix below is correct and will be included 
in the next 2.6 patch.

> 
>         if (gr_handle_ptrace(child, request)) {
>                 ret = -EPERM;
>                 goto out;
>         }

-Brad

_______________________________________________
grsecurity mailing list
grsecurity@...
http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
Permalink | Reply | 0 comments |
headers
Carlos Carvalho | 18 Oct 2007 02:15
Picon

does 2.6.22.9-200710101250.patch work for 22.10?

I've seen that the patch for 2.6.23 is out already. Does the latest
patch for 2.6.22.9 work for 22.10? I'd rather go to the latest 22 now
than to 23 in a mission critical server...

There's only a trivial reject but this doesn't mean the patch is correct.
Permalink | Reply | 1 comment |
headers
Eduardo Tongson | 18 Oct 2007 03:35
Picon

Re: does 2.6.22.9-200710101250.patch work for 22.10?

With that ideology you should be using the 2.4.
But if it is not an option to use 2.4 you are better off using the latest 2.6.

On 10/18/07, Carlos Carvalho <carlos@...> wrote:
> I've seen that the patch for 2.6.23 is out already. Does the latest
> patch for 2.6.22.9 work for 22.10? I'd rather go to the latest 22 now
> than to 23 in a mission critical server...
>
> There's only a trivial reject but this doesn't mean the patch is correct.
> _______________________________________________
> grsecurity mailing list
> grsecurity@...
> http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
>
Permalink | Reply | 0 comments |
headers
Rodrigo Rubira Branco (BSDaemon | 18 Oct 2007 09:06

Re: does 2.6.22.9-200710101250.patch work for 22.10?

Hey Carlos,

Yes, it works if you just fix the rejection.   There is no big changes in
the latest version.

cya,

Rodrigo (BSDaemon).

--
http://www.kernelhacking.com/rodrigo

Kernel Hacking: If i really know, i can hack

GPG KeyID: 1FCEDEA1

--------- Mensagem Original --------
De: Carlos Carvalho <carlos@...>
Para: grsecurity@... <grsecurity@...>
Assunto: [grsec] does 2.6.22.9-200710101250.patch work for 22.10?
Data: 17/10/07 22:03

>
> I've seen that the patch for 2.6.23 is out already. Does the latest
> patch for 2.6.22.9 work for 22.10? I'd rather go to the latest 22 now
> than to 23 in a mission critical server...
>
> There's only a trivial reject but this doesn't mean the patch is correct.
> _______________________________________________
> grsecurity mailing list
(Continue reading)

Permalink | Reply | 0 comments |

Gmane