| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Mar 2012 08:52:30 +1300 From: "Michael Kerrisk (man-pages)" <mtk.manpages@...il.com> To: Cyrill Gorcunov <gorcunov@...nvz.org> Cc: Andrew Morton <akpm@...ux-foundation.org>, Pavel Emelyanov <xemul@...allels.com>, linux-man@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>, Tejun Heo <tj@...nel.org> Subject: Re: [PATCH 1/2] prctl: Add PR_SET_MM option description On Wed, Mar 7, 2012 at 7:22 AM, Cyrill Gorcunov <gorcunov@...nvz.org> wrote: > On Wed, Mar 07, 2012 at 07:00:14AM +1300, Michael Kerrisk (man-pages) wrote: >> Hi Cyrill, >> >> Just a couple of comments for the moment. >> >> On Thu, Mar 1, 2012 at 1:23 AM, Cyrill Gorcunov <gorcunov@...nvz.org> wrote: >> > Signed-off-by: Cyrill Gorcunov <gorcunov@...nvz.org> >> > CC: Tejun Heo <tj@...nel.org> >> > CC: Pavel Emelyanov <xemul@...allels.com> >> > --- >> > man2/prctl.2 | 104 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ >> > 1 files changed, 104 insertions(+), 0 deletions(-) >> > >> > diff --git a/man2/prctl.2 b/man2/prctl.2 >> > index effad2a..4d6244f 100644 >> > --- a/man2/prctl.2 >> > +++ b/man2/prctl.2 >> > @@ -378,6 +378,110 @@ Return the current per-process machine check kill policy. >> > All unused >> > .BR prctl () >> > arguments must be zero. >> > +.TP >> > +.BR PR_SET_MM " (since Linux 3.3)" >> > +Allows a user to modify certain kernel memory map descriptor fields >> > +of the calling process. >> > +Usually these fields are set by the kernel and dynamic loader (see >> > +.BR ld.so (8) >> > +for more information) and a regular application should not use this feature. >> > +Still there are cases such as self-modifying programs, where a program might >> > +find it useful to change its own memory map. >> >> By the way, do you have a *simple* program that demonstrates some >> usage of R_SET_MM? > > Hi Michael, > > well, at moment we've only crtools itself which uses this facility, > so if we need complete standalone example I need to think about it. > >> >> > +The kernel must be built with >> > +.BR CONFIG_CHECKPOINT_RESTORE >> > +option turned on, otherwise this feature will not be accessible >> > +from a user space level. >> > +The calling process must have >> > +.BR CAP_SYS_ADMIN >> > +(see >> > +.BR capabilities (7) >> > +for details) capability granted. >> >> As we discussed earlier (offlist), there are probably better choices >> than the hugely overloaded CAP_SYS_ADMIN (see >> http://man7.org/linux/man-pages/man7/capabilities.7.html). And if the >> capability governing PR_SET_MM is to change, then it would be good to >> do so before 3.3 is released. What are the plans on this point? >> > > Yeah, I thought about changing it to CAP_SYS_RESOURCE here. > And I'll post a patch. The problem at moment that there another > two snippets needed for prctl -- ability to set new /proc/pid/exe > symlink and to obtaine clear-tid-address. So there is a discussion > now about symlink change. Once we finish with it -- i'll post > update for capability. > > If you prefer to have it done earlier -- no problem, I'll cook > a patch today instead on top of everything we've already > merged into linux-next. What would you prefer? It would make sense if the capability requirements were finalized before 3.3 is released. Changing them after 3.3 creates (at least a little) pain for userspace. Thanks, Michael -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Author of "The Linux Programming Interface"; http://man7.org/tlpi/ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists