Re: [PATCH] Enable writing to /proc/PID/mem.

From: Stephen Wilson
Date: Thu Mar 03 2011 - 16:59:11 EST

Next message: David Rientjes: "Re: [patch] x86, mm: Clean up initmem_init"
Previous message: Zachary Amsden: "Re: regression - 2.6.36 -> 2.6.37 - kvm - 32bit SMP guests don'tboot"
In reply to: Al Viro: "Re: [PATCH] Enable writing to /proc/PID/mem."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Mar 03, 2011 at 07:46:26PM +0000, Al Viro wrote:
> Think what happens if the target execs suid-root binary in the middle of your
> call. After you've done your check. E.g. during copy_from_user().
>
> On the read side we actually recheck permissions after having copied into
> buffer and if the check fails we don't copy that buffer into userland.
> Not feasible on the write side...

You are right. Looks like we would need to hold task_lock over both the
permission check and write -- but I do not see a clean/simple way of doing
that today. Might be worth looking into...

Thanks!

--
steve

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Rientjes: "Re: [patch] x86, mm: Clean up initmem_init"
Previous message: Zachary Amsden: "Re: regression - 2.6.36 -> 2.6.37 - kvm - 32bit SMP guests don'tboot"
In reply to: Al Viro: "Re: [PATCH] Enable writing to /proc/PID/mem."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]