google / gvisor

Application Kernel for Containers
https://gvisor.dev
Apache License 2.0
15.84k stars 1.3k forks

ptrace and most proc files should be inaccessible to users if binary is not readable #160

Open amscanne opened 5 years ago

amscanne commented 5 years ago

Calling execve on a binary with execute permissions but no read permissions is allowed. However, the resulting task is marked non-dumpable[1] by the kernel.

This affects __ptrace_may_access[2], which enforces access by ptrace and to many proc files.

Basically, execute-no-read binaries are a subset of typical setuid binaries.

[1] https://elixir.bootlin.com/linux/v5.0.4/source/fs/exec.c#L1316
[2] https://elixir.bootlin.com/linux/v5.0.4/source/kernel/ptrace.c#L327
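
The behaviour described in the comment above, as an added userspace model in C (not code from gVisor, Linux, or the issue author): it mirrors the exec-time dumpable decision and the check in `__ptrace_may_access` in simplified form. The struct and function names are hypothetical, and user-namespace capability scoping, the LSM hook and the same-thread-group shortcut are left out.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Linux values for the per-mm dumpable flag. */
enum { SUID_DUMP_DISABLE = 0, SUID_DUMP_USER = 1, SUID_DUMP_ROOT = 2 };

/* What the kernel knows at execve() time (hypothetical struct for this model). */
struct exec_ctx {
    bool may_read;      /* caller has read permission on the binary */
    bool ids_match;     /* euid == uid and egid == gid after the exec */
    int  suid_dumpable; /* fs.suid_dumpable sysctl, 0 by default */
};

/* Model of the exec-time decision: a binary the caller cannot read is
 * handled exactly like one that changed ids (setuid/setgid). */
int dumpable_after_exec(struct exec_ctx c)
{
    if (!c.may_read || !c.ids_match)
        return c.suid_dumpable;
    return SUID_DUMP_USER;
}

/* The tracer, or the reader of a ptrace-gated /proc file (hypothetical struct). */
struct tracer {
    bool same_ids;       /* uid/gid equal the target's real, effective, saved ids */
    bool cap_sys_ptrace; /* holds CAP_SYS_PTRACE over the target */
};

/* Model of __ptrace_may_access(): 0 on success, -EPERM on denial. */
int ptrace_may_access_model(struct tracer t, int target_dumpable)
{
    if (!t.same_ids && !t.cap_sys_ptrace)
        return -EPERM;
    if (target_dumpable != SUID_DUMP_USER && !t.cap_sys_ptrace)
        return -EPERM;
    return 0;
}

int main(void)
{
    struct tracer owner = { .same_ids = true, .cap_sys_ptrace = false };
    struct exec_ctx readable = { true, true, SUID_DUMP_DISABLE };
    struct exec_ctx exec_only = { false, true, SUID_DUMP_DISABLE };
    printf("readable binary:  %d\n",
           ptrace_may_access_model(owner, dumpable_after_exec(readable)));
    printf("exec-only binary: %d\n",
           ptrace_may_access_model(owner, dumpable_after_exec(exec_only)));
    return 0;
}
```

In the model, the same unprivileged user who started an execute-only binary is denied access to it, while a tracer holding CAP_SYS_PTRACE is not.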

github-actions[bot] commented 1 year ago

A friendly reminder that this issue had no activity for 120 days.

github-actions[bot] commented 11 months ago

This issue has been closed due to lack of activity.

github-actions[bot] commented 11 months ago

There are TODOs still referencing this issue:

  1. pkg/sentry/loader/loader.go:103: Linux requires only execute permission,
  2. test/syscalls/linux/exec_binary.cc:1308: gVisor's backing filesystem may prevent the
  3. test/syscalls/linux/exec_binary.cc:1327: A task with a non-readable executable is marked


github-actions[bot] commented 7 months ago

A friendly reminder that this issue had no activity for 120 days.