Date:	Sat, 22 Mar 2014 14:37:38 +0100
From:	Djalal Harouni <tixxdz@...ndz.org>
To:	linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>,
	Al Viro <viro@...iv.linux.org.uk>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Kees Cook <keescook@...omium.org>,
	Andy Lutomirski <luto@...capital.net>,
	Oleg Nesterov <oleg@...hat.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Ingo Molnar <mingo@...nel.org>
Cc:	Djalal Harouni <tixxdz@...ndz.org>
Subject: [PATCH resend - v2 0/2] procfs: make /proc/*/{stack,syscall,pagemap} 0400

(Please note: this is a resend of version 2. I got two Acked-bys, but no
one replied on why it should not be applied...)


The following patches make /proc/*/{stack,syscall,personality,pagemap}
0400.

These files contain sensitive information that can be used by an
unprivileged process to leak address space and bypass ASLR. This will
make the VFS able to block unprivileged processes from getting file
descriptors on *already* *running* processes (privileged processes).

This does not protect all the /proc and exec-suid cases. It just reduces
the scope of ASLR leaks by protecting *already running* processes. The
leak is still possible on these files *only* if an attacker opens its
/proc/*/file and can *spawn* a target setuid process, then read from it.

So, only already running processes are protected.

Patches were Acked by Kees Cook and Andy Lutomirski. Thank you!


This is a resend, first send:
https://lkml.org/lkml/2013/12/15/114

Of the already existing version 2, the original discussion:
https://lkml.org/lkml/2013/8/26/354
(date: Aug 2013, and it can be used to leak ASLR).


Kees Cook also confirmed the security exposure here:
https://lkml.org/lkml/2013/8/28/564

At least we have a VFS protection for now.


Reminder:
I've discussed the technique to use the 'file->f_cred' to protect proc
entries here:
https://lkml.org/lkml/2013/10/1/371

Eric suggested it, I did the implementation and it was rejected.

Good, I've taken _all_ the comments into consideration, and came up with
another scheme. It will protect *already running* processes, but first
I need to get this simple series accepted!


Thanks!


Djalal Harouni (2):
 procfs: make /proc/*/{stack,syscall,personality} 0400
 procfs: make /proc/*/pagemap 0400

 fs/proc/base.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
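A practitioner-side check for the claim the cover letter makes, added here as an example that is not part of the patch series or of the kernel tree: it stats /proc/<pid>/{stack,syscall,personality,pagemap} for a target pid and flags any entry still readable beyond its owner, and separately tries open(2) on each, which is the operation the series says the VFS should now refuse for another user's already running process. The function names, the 64-byte path buffer and the default target pid 1 are this example's own assumptions. It only covers what the series covers: it says nothing about the exec-suid case, where an fd opened while the target was still unprivileged survives the exec.

```c
/* proc_mode_audit.c -- added example, not code from the patch series.
 * Linux only. Checks whether the four sensitive /proc/<pid> entries are
 * owner-only (0400, the mode this series sets) and whether open(2) on
 * them is refused for a process we do not own. Build: cc -o audit proc_mode_audit.c */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* The entries the series changes to 0400 (from the cover letter). */
static const char *const sensitive[] = { "stack", "syscall", "personality", "pagemap" };
#define NSENSITIVE (sizeof sensitive / sizeof sensitive[0])

/* 1 if any group/other permission bit is set, i.e. the entry is readable by
 * someone other than its owner (the task's uid). A 0400 mode yields 0. */
int mode_is_exposed(mode_t mode)
{
    return (mode & (S_IRWXG | S_IRWXO)) != 0;
}

/* Build /proc/<pid>/<name> into buf. Returns 0, or -1 if it does not fit. */
int proc_path(pid_t pid, const char *name, char *buf, size_t len)
{
    int n = snprintf(buf, len, "/proc/%ld/%s", (long)pid, name);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* stat() the entry: -1 if it is absent (e.g. stack needs CONFIG_STACKTRACE),
 * 1 if its mode exposes it beyond the owner, 0 if it is owner-only. */
int entry_exposed(pid_t pid, const char *name)
{
    char path[64];               /* assumed long enough for /proc/<pid>/<name> */
    struct stat st;
    if (proc_path(pid, name, path, sizeof path) < 0 || stat(path, &st) < 0)
        return -1;
    return mode_is_exposed(st.st_mode);
}

/* Try to obtain a read-only fd, which is what the cover letter says the VFS
 * should now refuse on another user's process. Returns 0 if open() succeeded
 * (the fd is closed again), otherwise the errno (EACCES is the expected one). */
int try_open_entry(pid_t pid, const char *name)
{
    char path[64];
    if (proc_path(pid, name, path, sizeof path) < 0)
        return ENAMETOOLONG;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Audit one pid: returns the number of sensitive entries that exist and are
 * exposed by their mode. Prints one line per entry when verbose is non-zero. */
int audit_pid(pid_t pid, int verbose)
{
    int exposed = 0;
    for (size_t i = 0; i < NSENSITIVE; i++) {
        int m = entry_exposed(pid, sensitive[i]);
        int e = try_open_entry(pid, sensitive[i]);
        if (m > 0)
            exposed++;
        if (verbose)
            printf("/proc/%ld/%-12s mode:%-8s open:%s\n", (long)pid, sensitive[i],
                   m < 0 ? "absent" : m ? "EXPOSED" : "0400",
                   e == 0 ? "ok" : strerror(e));
    }
    return exposed;
}

int main(int argc, char **argv)
{
    /* Default target: pid 1, owned by root, so open() from an unprivileged
     * user should fail with EACCES once the entries are 0400. */
    pid_t pid = argc > 1 ? (pid_t)strtol(argv[1], NULL, 10) : 1;
    int n = audit_pid(pid, 1);
    printf("%d sensitive entr%s readable beyond owner\n", n, n == 1 ? "y" : "ies");
    return n ? 1 : 0;
}
```

Run it as an unprivileged user against a root-owned pid (the default, pid 1): with the series applied, each line should report mode 0400 and open refused with "Permission denied". Against your own shell's pid, open succeeds as expected since you own the task. Later kernels add ptrace-access checks at open or read time on top of the mode bits, so a successful open on those kernels does not by itself mean the contents are readable.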