Date: Thu, 19 May 2011 14:27:42 +0300
From: Alexey Dobriyan <adobriyan@...il.com>
To: samsonov@...sta.ru
Cc: linux-kernel@...r.kernel.org
Subject: Re: Some patches for ppp_generic.c and proc/base.c
2011/5/19 <samsonov@...sta.ru>:
> I mean that /proc file permission for process information must be
> secure:
And how exactly adding -w------- bit helps this?
> --- ./linux-2.6.33.4.orig/fs/proc/base.c
> +++ ./linux-2.6.33.4/fs/proc/base.c
2.6.39 was released today. Never, ever mix several patches in one email.
> @@ -2570,11 +2570,11 @@
> static const struct inode_operations proc_task_inode_operations;
>
> static const struct pid_entry tgid_base_stuff[] = {
> - DIR("task", S_IRUGO|S_IXUGO, proc_task_inode_operations, proc_task_operations),
> - DIR("fd", S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
> - DIR("fdinfo", S_IRUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
> + DIR("task", S_IWUSR|S_IRUGO|S_IXUGO, proc_task_inode_operations, proc_task_operations),
> + DIR("fd", S_IWUSR|S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
> + DIR("fdinfo", S_IRUSR|S_IWUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
> #ifdef CONFIG_NET
> - DIR("net", S_IRUGO|S_IXUGO, proc_net_inode_operations, proc_net_operations),
> + DIR("net", S_IRUGO|S_IWUSR|S_IXUGO, proc_net_inode_operations, proc_net_operations),
> #endif
> REG("environ", S_IRUSR, proc_environ_operations),
> INF("auxv", S_IRUSR, proc_pid_auxv),
> @@ -2608,7 +2608,7 @@
> REG("pagemap", S_IRUSR, proc_pagemap_operations),
> #endif
> #ifdef CONFIG_SECURITY
> - DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
> + DIR("attr", S_IRUGO|S_IWUSR|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
> #endif
> #ifdef CONFIG_KALLSYMS
> INF("wchan", S_IRUGO, proc_pid_wchan),
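Review bot: In the `@@ -2570` hunk the new `task` and `fd` entries put `S_IWUSR` first, while `fdinfo`, `net` and every changed entry in the `@@ -2608`, `@@ -2909` and `@@ -2942` hunks use read, write, execute order, so the same permission set is spelled two ways within one table. Where all three owner bits are set, `S_IRWXU` says it in one token, e.g. `DIR("fd", S_IRWXU, proc_fd_inode_operations, proc_fd_operations),`. Keeping one order across tgid_base_stuff and tid_base_stuff makes it easier to audit that the two tables expose the same modes. Both arrays continue outside the hunks.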
> @@ -2767,7 +2767,7 @@
> if (!inode)
> goto out;
>
> - inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
> + inode->i_mode = S_IFDIR|S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP;
> inode->i_op = &proc_tgid_base_inode_operations;
> inode->i_fop = &proc_tgid_base_operations;
> inode->i_flags|=S_IMMUTABLE;
> @@ -2909,8 +2909,8 @@
> * Tasks
> */
> static const struct pid_entry tid_base_stuff[] = {
> - DIR("fd", S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
> - DIR("fdinfo", S_IRUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
> + DIR("fd", S_IRUSR|S_IWUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
> + DIR("fdinfo", S_IRUSR|S_IWUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
> REG("environ", S_IRUSR, proc_environ_operations),
> INF("auxv", S_IRUSR, proc_pid_auxv),
> ONE("status", S_IRUGO, proc_pid_status),
> @@ -2942,7 +2942,7 @@
> REG("pagemap", S_IRUSR, proc_pagemap_operations),
> #endif
> #ifdef CONFIG_SECURITY
> - DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
> + DIR("attr", S_IRUGO|S_IWUSR|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
> #endif
> #ifdef CONFIG_KALLSYMS
> INF("wchan", S_IRUGO, proc_pid_wchan),
> @@ -3008,7 +3008,7 @@
>
> if (!inode)
> goto out;
> - inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
> + inode->i_mode = S_IFDIR|S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP;
> inode->i_op = &proc_tid_base_inode_operations;
> inode->i_fop = &proc_tid_base_operations;
> inode->i_flags|=S_IMMUTABLE;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
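Review bot: The new `inode->i_mode` in the `@@ -2767` hunk (and the identical line in `@@ -3008`) hard-codes 0750 on every per-process and per-thread directory, so the group bits give read/search to whatever group the inode is assigned. If that is the task's primary group, which the hunk does not show, members of a shared group can still list the process. Other code in this file may compare `i_mode` against the old literal `S_IFDIR|S_IRUGO|S_IXUGO` when choosing inode ownership for non-dumpable tasks (pid_revalidate() and pid_getattr() are the places to check), and such a test would silently stop matching after this change. Defining the mode once, for example `#define PROC_PID_DIR_MODE (S_IFDIR|S_IRWXU|S_IRGRP|S_IXGRP)` (the name is only a suggestion), and using it at both sites and in any such comparison would keep them in step. Both enclosing functions begin and end outside the hunks.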