Re: [PATCH] proc: avoid leaking eip, esp, or wchan to non-privileged processes (fwd)

From: Eric W. Biederman
Date: Mon May 04 2009 - 02:09:44 EST

Next message: Al Viro: "Re: [PATCH] reiserfs: Expand i_mutex to enclose lookup_one_len"
Previous message: Michal Simek: "Re: [PATCH V3] asm-generic: add a generic uaccess.h"
In reply to: Greg KH: "Re: [PATCH] proc: avoid leaking eip, esp, or wchan tonon-privileged processes (fwd)"
Next in thread: Jake Edge: "Re: [PATCH] proc: avoid leaking eip, esp, or wchan tonon-privileged processes (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

James Morris <jmorris@xxxxxxxxx> writes:

> diff --git a/fs/proc/base.c b/fs/proc/base.c
> index aa763ab..cd3c0d7 100644
> --- a/fs/proc/base.c
> +++ b/fs/proc/base.c
> @@ -319,6 +319,9 @@ static int proc_pid_wchan(struct task_struct *task, char
> *buffer)
> unsigned long wchan;
> char symname[KSYM_NAME_LEN];
>
> + if (!ptrace_may_access(task, PTRACE_MODE_READ))
> + return 0;
> +
> wchan = get_wchan(task);
>
> if (lookup_symbol_name(wchan, symname) < 0)

If the symbol is in the kernel it should be safe to return it's
name, all that is an information leak of a different sort.
Overall I expect we should return -EPERM here and not simply
an empty file.

Have you tested these patches against ps top and similar common
tools?

Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Al Viro: "Re: [PATCH] reiserfs: Expand i_mutex to enclose lookup_one_len"
Previous message: Michal Simek: "Re: [PATCH V3] asm-generic: add a generic uaccess.h"
In reply to: Greg KH: "Re: [PATCH] proc: avoid leaking eip, esp, or wchan tonon-privileged processes (fwd)"
Next in thread: Jake Edge: "Re: [PATCH] proc: avoid leaking eip, esp, or wchan tonon-privileged processes (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]