| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20161019165958.GM24393@dhcp22.suse.cz>
Date: Wed, 19 Oct 2016 19:00:00 +0200
From: Michal Hocko <mhocko@...nel.org>
To: Oleg Nesterov <oleg@...hat.com>
Cc: Leon Yu <chianglungyu@...il.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Al Viro <viro@...iv.linux.org.uk>,
Kees Cook <keescook@...omium.org>,
John Stultz <john.stultz@...aro.org>,
Mateusz Guzik <mguzik@...hat.com>,
Janis Danisevskis <jdanis@...gle.com>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] proc: fix NULL dereference when reading /proc/<pid>/auxv
On Wed 19-10-16 18:44:29, Oleg Nesterov wrote:
> On 10/19, Michal Hocko wrote:
> >
> > On Wed 19-10-16 18:12:08, Oleg Nesterov wrote:
> > > On 10/19, Michal Hocko wrote:
> > > >
> > > > Why would we even want to open that file if there is no mm struct?
> > >
> > > Agreed this is strange, but I am not sure we can change this old
> > > behaviour. Say, cat /proc/$pid-of-kthread/mem doesn't fail, it shows
> > > the "empty mm".
> >
> > What kind of application would break?
>
> I have no idea, probably nobody will ever notice this change, just
> I am always nervous when it comes to user-visible changes.
>
> But why do we want this change? Not that I am going to argue if you
> submit a patch, but personally I see no real point.
I find it much easier to not allow open than a) have a weird side
effects like seeing a hijacked mm and b) risk that similar NULL ptr will
repeat again because all the code paths have to check for it explicitly.
--
Michal Hocko
SUSE Labs
Powered by blists - more mailing lists