[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 3 Mar 2011 16:58:49 -0500
From: Stephen Wilson <wilsons@...rt.ca>
To: Al Viro <viro@...IV.linux.org.uk>
Cc: KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>,
Andrew Morton <akpm@...ux-foundation.org>,
David Rientjes <rientjes@...gle.com>,
Nick Piggin <npiggin@...nel.dk>,
Roland McGrath <roland@...hat.com>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Enable writing to /proc/PID/mem.
On Thu, Mar 03, 2011 at 07:46:26PM +0000, Al Viro wrote:
> Think what happens if the target execs suid-root binary in the middle of your
> call. After you've done your check. E.g. during copy_from_user().
>
> On the read side we actually recheck permissions after having copied into
> buffer and if the check fails we don't copy that buffer into userland.
> Not feasible on the write side...
You are right. Looks like we would need to hold task_lock over both the
permission check and write -- but I do not see a clean/simple way of doing
that today. Might be worth looking into...
Thanks!
--
steve
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists