| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180305160710.0ea9a6c0c4b784a457a48a2b@linux-foundation.org>
Date: Mon, 5 Mar 2018 16:07:10 -0800
From: Andrew Morton <akpm@...ux-foundation.org>
To: Alexey Dobriyan <adobriyan@...il.com>
Cc: linux-kernel@...r.kernel.org, yeohc@....ibm.com, jann@...jh.net
Subject: Re: [PATCH] mm: relax ptrace mode in process_vm_readv(2)
On Sat, 3 Mar 2018 23:11:16 +0300 Alexey Dobriyan <adobriyan@...il.com> wrote:
> It is more natural to check for read-from-memory permissions in case of
> process_vm_readv() as PTRACE_MODE_ATTACH is equivalent to write
> permissions.
>
> ...
>
> --- a/mm/process_vm_access.c
> +++ b/mm/process_vm_access.c
> @@ -204,7 +204,7 @@ static ssize_t process_vm_rw_core(pid_t pid, struct iov_iter *iter,
> goto free_proc_pages;
> }
>
> - mm = mm_access(task, PTRACE_MODE_ATTACH_REALCREDS);
> + mm = mm_access(task, vm_write ? PTRACE_MODE_ATTACH_REALCREDS : PTRACE_MODE_READ_REALCREDS);
> if (!mm || IS_ERR(mm)) {
> rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
> /*
But what is the risk of breaking existing userspace?
Powered by blists - more mailing lists