Message-Id: <1299289175-15720-1-git-send-email-wilsons@start.ca>
Date: Fri, 4 Mar 2011 20:39:35 -0500
From: Stephen Wilson <wilsons@...rt.ca>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: Al Viro <viro@...iv.linux.org.uk>, linux-kernel@...r.kernel.org,
Stephen Wilson <wilsons@...rt.ca>
Subject: [PATCH] proc: Document why writing to /proc/pid/mem is a security hazard.
Signed-off-by: Stephen Wilson <wilsons@...rt.ca>
---
fs/proc/base.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 9d096e8..9d55b7b 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -832,7 +832,11 @@ out_no_task:
#define mem_write NULL
#ifndef mem_write
-/* This is a security hazard */
+/*
+ * As implemented, mem_write would be a security hazard if enabled. For
+ * example, the target task could exec a setuid-root binary between the
+ * permission check and the write into memory.
+ */
static ssize_t mem_write(struct file * file, const char __user *buf,
size_t count, loff_t *ppos)
{
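Review bot: The new comment above mem_write names one race as an example, but it does not tell a future reader what would have to change before the function could be enabled. Since the body is compiled out by the `#define mem_write NULL` / `#ifndef mem_write` pair just above, consider having the comment refer to that define and state the requirement directly, for instance that the permission check and the write into the target's memory must not be separable by an exec in the target task. "For example" also implies there are other hazards; either list them or say that the exec race is the known one, so the comment is not read as a complete audit.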
--
1.7.3.5