Re: [PATCH] seccomp: Fix tracer exit notifications during fatal signals

2016-08-23 Thread Kees Cook
On Mon, Aug 22, 2016 at 8:27 PM, Kyle Huey wrote: > On Thu, Aug 11, 2016 at 11:18 AM, Kees Cook wrote: >> On Thu, Aug 11, 2016 at 8:12 AM, Oleg Nesterov wrote: >>> On 08/10, Kees Cook wrote: This fixes a ptrace vs fatal pending signals bug as manifested in seccomp now that ptrace

Re: [PATCH] seccomp: Fix tracer exit notifications during fatal signals

2016-08-22 Thread Kyle Huey
On Thu, Aug 11, 2016 at 11:18 AM, Kees Cook wrote: > On Thu, Aug 11, 2016 at 8:12 AM, Oleg Nesterov wrote: >> On 08/10, Kees Cook wrote: >>> >>> This fixes a ptrace vs fatal pending signals bug as manifested in seccomp >>> now that ptrace was reordered to happen after ptrace. The short version is

Re: [PATCH] seccomp: Fix tracer exit notifications during fatal signals

2016-08-11 Thread Robert O'Callahan
Thanks! On Fri, Aug 12, 2016 at 3:12 AM, Oleg Nesterov wrote: > > The bug happens because when __seccomp_filter() detects > > fatal_signal_pending(), it calls do_exit() without dequeuing the fatal > > signal. When do_exit() sends the PTRACE_EVENT_EXIT > > I _never_ understood what PTRACE_EVENT_EX

Re: [PATCH] seccomp: Fix tracer exit notifications during fatal signals

2016-08-11 Thread Kees Cook
On Thu, Aug 11, 2016 at 8:12 AM, Oleg Nesterov wrote: > On 08/10, Kees Cook wrote: >> >> This fixes a ptrace vs fatal pending signals bug as manifested in seccomp >> now that ptrace was reordered to happen after ptrace. The short version is >> that seccomp should not attempt to call do_exit() whil

Re: [PATCH] seccomp: Fix tracer exit notifications during fatal signals

2016-08-11 Thread Kees Cook
On Thu, Aug 11, 2016 at 12:27 AM, Andy Lutomirski wrote: > On Wed, Aug 10, 2016 at 4:37 PM, Kees Cook wrote: >> This fixes a ptrace vs fatal pending signals bug as manifested in seccomp >> now that ptrace was reordered to happen after ptrace. The short version is >> that seccomp should not attemp

Re: [PATCH] seccomp: Fix tracer exit notifications during fatal signals

2016-08-11 Thread Oleg Nesterov
On 08/10, Kees Cook wrote: > > This fixes a ptrace vs fatal pending signals bug as manifested in seccomp > now that ptrace was reordered to happen after ptrace. The short version is > that seccomp should not attempt to call do_exit() while fatal signals are > pending under a tracer. This was needle

Re: [PATCH] seccomp: Fix tracer exit notifications during fatal signals

2016-08-11 Thread Andy Lutomirski
On Wed, Aug 10, 2016 at 4:37 PM, Kees Cook wrote: > This fixes a ptrace vs fatal pending signals bug as manifested in seccomp > now that ptrace was reordered to happen after ptrace. The short version is > that seccomp should not attempt to call do_exit() while fatal signals are > pending under a t

Re: [PATCH] seccomp: Fix tracer exit notifications during fatal signals

2016-08-10 Thread Kyle Huey
On Wed, Aug 10, 2016 at 4:37 PM, Kees Cook wrote: > This fixes a ptrace vs fatal pending signals bug as manifested in seccomp > now that ptrace was reordered to happen after ptrace. The short version is > that seccomp should not attempt to call do_exit() while fatal signals are > pending under a t