[PATCH] Enable writing to /proc/PID/mem.
From: Stephen Wilson
Date: Wed Mar 02 2011 - 21:09:28 EST
For a long time /proc/PID/mem has provided a read-only interface, at least since
2.4.0. However, a write capability has existed "forever" in tree via the
function mem_write, disabled with an #ifdef along with the comment "this is a
security hazard". Charles Wright, back in 2006, gave some history on the
subject:
http://lkml.org/lkml/2006/3/10/224
Later, in commit 638fa202c, Roland McGrath updated mem_write to call
check_mem_permission which ensures an identical security policy for
/proc/PID/mem as for ptrace(). IOW, the proc interface provides a simpler, more
efficient, but otherwise equivalent mechanism for probing a processes memory as
available via ptrace.
There is no longer a security hazard and the world can safely use read/write
instead of ptrace PEEK/POKE's. Remove the #ifdef.
Signed-off-by: Stephen Wilson <wilsons@xxxxxxxx>
---
fs/proc/base.c | 5 -----
1 files changed, 0 insertions(+), 5 deletions(-)
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 9d096e8..70fc4db 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -829,10 +829,6 @@ out_no_task:
return ret;
}
-#define mem_write NULL
-
-#ifndef mem_write
-/* This is a security hazard */
static ssize_t mem_write(struct file * file, const char __user *buf,
size_t count, loff_t *ppos)
{
@@ -880,7 +876,6 @@ out:
out_no_task:
return copied;
}
-#endif
loff_t mem_lseek(struct file *file, loff_t offset, int orig)
{
--
1.7.3.5
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/