Re: [PATCH] proc: prevent a task from writing on its own /proc/*/mem

From: Alexey Dobriyan
Date: Sat May 26 2018 - 11:48:27 EST

Next message: Dmitry Osipenko: "[RFC PATCH v2 0/2] Implement standard color keying properties for DRM planes"
Previous message: Paul Burton: "[PATCH 2/2] sched: Warn if we fail to migrate a task"
In reply to: Salvatore Mesoraca: "[PATCH] proc: prevent a task from writing on its own /proc/*/mem"
Next in thread: Salvatore Mesoraca: "Re: [PATCH] proc: prevent a task from writing on its own /proc/*/mem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, May 26, 2018 at 04:50:46PM +0200, Salvatore Mesoraca wrote:
> Prevent a task from opening, in "write" mode, any /proc/*/mem
> file that operates on the task's mm.
> /proc/*/mem is mainly a debugging means and, as such, it shouldn't
> be used by the inspected process itself.
> Current implementation always allow a task to access its own
> /proc/*/mem file.
> A process can use it to overwrite read-only memory, making
> pointless the use of security_file_mprotect() or other ways to
> enforce RO memory.

You can do it in security_ptrace_access_check() or security_file_open()

Next message: Dmitry Osipenko: "[RFC PATCH v2 0/2] Implement standard color keying properties for DRM planes"
Previous message: Paul Burton: "[PATCH 2/2] sched: Warn if we fail to migrate a task"
In reply to: Salvatore Mesoraca: "[PATCH] proc: prevent a task from writing on its own /proc/*/mem"
Next in thread: Salvatore Mesoraca: "Re: [PATCH] proc: prevent a task from writing on its own /proc/*/mem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]