| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 29 Jan 2012 11:36:21 +0800 From: Cong Wang <xiyou.wangcong@...il.com> To: Bryan Jacobs <its@...ytoremember.us> CC: linux-kernel@...r.kernel.org Subject: Re: /proc/[pid]/mem write implications On 01/29/2012 09:32 AM, Bryan Jacobs wrote: > Dear LKML, > > I have a few questions on the recent change to allow writing > to /proc/[pid]/mem. If I understand correctly, the recent > privilege-escalation vulnerability was fundamentally caused by > incorrectly verifying that the memory being written to by a process was > its own. The goal was to only allow processes to write to their own > memory space - this was deemed harmless. Well, the more fundamental vulnerability is the check was done in write(2) instead of open(2), which leaves a window for exploits. > > But I think that allowing arbitrary processes to write to **their own** > memory via a file descriptor might in itself be problematic. Please, > help me understand how this is safe. You will have a sysctl to control if it is writable. Thanks. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists