Re: [PATCH] proc: avoid leaking eip, esp, or wchan tonon-privileged processes (fwd)

[Jake Edge]

On Mon, 4 May 2009 09:27:29 +1000 (EST) James Morris wrote:
> This patch needs some review.

Indeed.

> Note that stable@xxxxxxxxxx typically backport already-reviewed and 
> applied patches.  I think security@xxxxxxxxxx is for reporting
> problems in a non-public way (whereas, this is already public
> knowledge).

I realize (now :) that I didn't get this out to all of the right folks,
thanks for doing that.  I didn't realize security@xxxxxxxxxx was only
for non-public security problems, though.  Maybe there needs to be a
'security maintainer' separate from that list?  Or maybe there is one
and I just didn't find that person in MAINTAINERS?

It would seem that the 'start_stack' value output by /proc/pid/stat
should also only be available to processes that can ptrace ... that was
not part of my original patch, but I think should be added ...

jake

-- 
Jake Edge - LWN - jake@xxxxxxx - http://lwn.net
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/