| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20080105094859.GJ27894@ZenIV.linux.org.uk> Date: Sat, 5 Jan 2008 09:48:59 +0000 From: Al Viro <viro@...IV.linux.org.uk> To: Andrew Morton <akpm@...ux-foundation.org> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, linux-kernel@...r.kernel.org, Matt Mackall <mpm@...enic.com>, Dave Hansen <haveblue@...ibm.com> Subject: Re: [PATCH] restrict reading from /proc/<pid>/maps to those who share ->mm or can ptrace pid On Sat, Jan 05, 2008 at 01:31:09AM -0800, Andrew Morton wrote: > On Wed, 2 Jan 2008 14:09:57 +0000 Al Viro <viro@...IV.linux.org.uk> wrote: > > > Contents of /proc/*/maps is sensitive and may become sensitive > > after open() (e.g. if target originally shares our ->mm and later > > does exec on suid-root binary). > > um, which contents? Information about the addresses where libraries, etc. got mapped, to start with - if you have that randomized, you don't want it seen by attacker who tries to escalate... > > Check at read() (actually, ->start() of iterator) time that > > mm_struct we'd grabbed and locked is > > * still the ->mm of target > > * equal to reader's ->mm or the target is ptracable by reader. > > > > Specifically, do /proc/pid/smaps and the maps4 goodies in -mm need similar > treatment? They differ only in ->show(), so this patch takes care of them as well... -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists