Re: Avoiding information leaks between users and between processes by default? [Was: : [PATCH 1/5] prctl: add PR_ISOLATE_BP process control]

On Mon, 29 Jan 2018 14:14:46 +0100 Pavel Machek wrote: > On Wed 2018-01-24 20:46:22, Alan Cox wrote: > > > Anyway, no need to add prctl(), if A can ptrace B and B can ptrace A, > > > leaking info between them should not be a big deal. You can probably > > > find existing macros doing neccessary c

Re: Avoiding information leaks between users and between processes by default? [Was: : [PATCH 1/5] prctl: add PR_ISOLATE_BP process control]

On Wed 2018-01-24 20:46:22, Alan Cox wrote: > > Anyway, no need to add prctl(), if A can ptrace B and B can ptrace A, > > leaking info between them should not be a big deal. You can probably > > find existing macros doing neccessary checks. > > Until one of them is security managed so it shouldn't

Re: Avoiding information leaks between users and between processes by default? [Was: : [PATCH 1/5] prctl: add PR_ISOLATE_BP process control]

> Anyway, no need to add prctl(), if A can ptrace B and B can ptrace A, > leaking info between them should not be a big deal. You can probably > find existing macros doing neccessary checks. Until one of them is security managed so it shouldn't be able to ptrace the other, or (and this is the nast

Re: Avoiding information leaks between users and between processes by default? [Was: : [PATCH 1/5] prctl: add PR_ISOLATE_BP process control]

Hi! > > On Wed 2018-01-24 09:37:05, Dominik Brodowski wrote: > > > On Wed, Jan 24, 2018 at 07:29:53AM +0100, Martin Schwidefsky wrote: > > > > On Tue, 23 Jan 2018 18:07:19 +0100 > > > > Dominik Brodowski wrote: > > > > > > > > > On Tue, Jan 23, 2018 at 02:07:01PM +0100, Martin Schwidefsky wro

Re: Avoiding information leaks between users and between processes by default? [Was: : [PATCH 1/5] prctl: add PR_ISOLATE_BP process control]

On Wed, 24 Jan 2018 09:37:05 +0100 > To my understanding, Linux traditionally tried to aim for the security goal > of avoiding information leaks *between* users[+], probably even between > processes of the same user. It wasn't a guarantee, and there always were Not between processes of the same us

Re: Avoiding information leaks between users and between processes by default? [Was: : [PATCH 1/5] prctl: add PR_ISOLATE_BP process control]

On Wed, 24 Jan 2018 12:15:53 +0100 Pavel Machek wrote: > Hi! > > On Wed 2018-01-24 09:37:05, Dominik Brodowski wrote: > > On Wed, Jan 24, 2018 at 07:29:53AM +0100, Martin Schwidefsky wrote: > > > On Tue, 23 Jan 2018 18:07:19 +0100 > > > Dominik Brodowski wrote: > > > > > > > On Tue, Jan 23

Re: Avoiding information leaks between users and between processes by default? [Was: : [PATCH 1/5] prctl: add PR_ISOLATE_BP process control]

Hi! On Wed 2018-01-24 09:37:05, Dominik Brodowski wrote: > On Wed, Jan 24, 2018 at 07:29:53AM +0100, Martin Schwidefsky wrote: > > On Tue, 23 Jan 2018 18:07:19 +0100 > > Dominik Brodowski wrote: > > > > > On Tue, Jan 23, 2018 at 02:07:01PM +0100, Martin Schwidefsky wrote: > > > > Add the PR_ISOL

Re: Avoiding information leaks between users and between processes by default? [Was: : [PATCH 1/5] prctl: add PR_ISOLATE_BP process control]

On Wed, 2018-01-24 at 09:37 +0100, Dominik Brodowski wrote: > On Wed, Jan 24, 2018 at 07:29:53AM +0100, Martin Schwidefsky wrote: > > > > On Tue, 23 Jan 2018 18:07:19 +0100 > > Dominik Brodowski wrote: > > > > > > > > On Tue, Jan 23, 2018 at 02:07:01PM +0100, Martin Schwidefsky wrote: > > > >

Avoiding information leaks between users and between processes by default? [Was: : [PATCH 1/5] prctl: add PR_ISOLATE_BP process control]

On Wed, Jan 24, 2018 at 07:29:53AM +0100, Martin Schwidefsky wrote: > On Tue, 23 Jan 2018 18:07:19 +0100 > Dominik Brodowski wrote: > > > On Tue, Jan 23, 2018 at 02:07:01PM +0100, Martin Schwidefsky wrote: > > > Add the PR_ISOLATE_BP operation to prctl. The effect of the process > > > control is