Re: 2.4+ptrace exploit fix breaks root's ability to strace

• Next message: Arjan van de Ven: "Re: 2.4+ptrace exploit fix breaks root's ability to strace"
• Previous message: Wichert Akkerman: "ipv6 ipsec tunnel mode produces broken packets"
• In reply to: Lists (lst): "Re: 2.4+ptrace exploit fix breaks root's ability to strace"
• Next in thread: Martin Loschwitz: "Re: 2.4+ptrace exploit fix breaks root's ability to strace"
• Reply: Martin Loschwitz: "Re: 2.4+ptrace exploit fix breaks root's ability to strace"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Mar 23, 2003 at 12:31:39PM +0200, Lists (lst) wrote:
> The patch breaks /proc/<pid>/cmdline and /proc/<pid>/environ for 'non
> dumpable' processes, even for root.

This fix is definitely wrong.

> - if (!is_dumpable(tsk) || (&init_mm == mm))
> + if ((!is_dumpable(tsk) || (&init_mm == mm)) && (current->uid != 0))
> mm = NULL;

Today, security is based around the capability system, not UID numbers.

-- 
Russell King (rmk@arm.linux.org.uk)                The developer of ARM Linux
             http://www.arm.linux.org.uk/personal/aboutme.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

• Next message: Arjan van de Ven: "Re: 2.4+ptrace exploit fix breaks root's ability to strace"
• Previous message: Wichert Akkerman: "ipv6 ipsec tunnel mode produces broken packets"
• In reply to: Lists (lst): "Re: 2.4+ptrace exploit fix breaks root's ability to strace"
• Next in thread: Martin Loschwitz: "Re: 2.4+ptrace exploit fix breaks root's ability to strace"
• Reply: Martin Loschwitz: "Re: 2.4+ptrace exploit fix breaks root's ability to strace"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sun Mar 23 2003 - 22:00:44 EST