| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20150715152149.0f6158c2c2f806d0be44c110@linux-foundation.org>
Date: Wed, 15 Jul 2015 15:21:49 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: Calvin Owens <calvinowens@...com>
Cc: Alexey Dobriyan <adobriyan@...il.com>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Al Viro <viro@...iv.linux.org.uk>,
Miklos Szeredi <miklos@...redi.hu>,
Zefan Li <lizefan@...wei.com>, Oleg Nesterov <oleg@...hat.com>,
Joe Perches <joe@...ches.com>,
David Howells <dhowells@...hat.com>,
<linux-kernel@...r.kernel.org>, <kernel-team@...com>,
<keescook@...omium.org>, Andy Lutomirski <luto@...capital.net>,
Cyrill Gorcunov <gorcunov@...nvz.org>,
"Kirill A. Shutemov" <kirill@...temov.name>
Subject: Re: [PATCH v7] procfs: Always expose /proc/<pid>/map_files/ and
make it readable
On Thu, 18 Jun 2015 19:32:18 -0700 Calvin Owens <calvinowens@...com> wrote:
> Currently, /proc/<pid>/map_files/ is restricted to CAP_SYS_ADMIN, and
> is only exposed if CONFIG_CHECKPOINT_RESTORE is set.
>
> Each mapped file region gets a symlink in /proc/<pid>/map_files/
> corresponding to the virtual address range at which it is mapped. The
> symlinks work like the symlinks in /proc/<pid>/fd/, so you can follow
> them to the backing file even if that backing file has been unlinked.
>
> Currently, files which are mapped, unlinked, and closed are impossible
> to stat() from userspace. Exposing /proc/<pid>/map_files/ closes this
> functionality "hole".
>
> Not being able to stat() such files makes noticing and explicitly
> accounting for the space they use on the filesystem impossible. You can
> work around this by summing up the space used by every file in the
> filesystem and subtracting that total from what statfs() tells you, but
> that obviously isn't great, and it becomes unworkable once your
> filesystem becomes large enough.
>
> This patch moves map_files/ out from behind CONFIG_CHECKPOINT_RESTORE,
> and adjusts the permissions enforced on it as follows:
proc_pid_follow_link() got changed while you weren't looking, causing
fs/proc/base.c: In function 'proc_map_files_follow_link':
fs/proc/base.c:1963: warning: passing argument 2 of 'proc_pid_follow_link' from incompatible pointer type
fs/proc/base.c:1578: note: expected 'void **' but argument is of type 'struct nameidata *'
fs/proc/base.c:1963: warning: return discards qualifiers from pointer target type
fs/proc/base.c: At top level:
fs/proc/base.c:1971: warning: initialization from incompatible pointer type
I just changed it to pass NULL:
--- a/fs/proc/base.c~procfs-always-expose-proc-pid-map_files-and-make-it-readable-fix
+++ a/fs/proc/base.c
@@ -1955,12 +1955,13 @@ struct map_files_info {
* symlinks may be used to bypass permissions on ancestor directories in the
* path to the file in question.
*/
-static void *proc_map_files_follow_link(struct dentry *dentry, struct nameidata *nd)
+static void *
+proc_map_files_follow_link(struct dentry *dentry, struct nameidata *nd)
{
if (!capable(CAP_SYS_ADMIN))
return ERR_PTR(-EPERM);
- return proc_pid_follow_link(dentry, nd);
+ return proc_pid_follow_link(dentry, NULL);
}
/*
_
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists