RE: [PATCH v2 00/39] Shadowstacks for userspace

From: David Laight
Date: Tue Oct 04 2022 - 05:58:12 EST

Next message: Stephen Rothwell: "linux-next: manual merge of the mm tree with the drm tree"
Previous message: Borislav Petkov: "[GIT PULL] x86/core for 6.1"
In reply to: Kees Cook: "Re: [PATCH v2 00/39] Shadowstacks for userspace"
Next in thread: Kees Cook: "Re: [PATCH v2 00/39] Shadowstacks for userspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Kees Cook <keescook@xxxxxxxxxxxx>
...
> >
> > If you don't want /proc/$pid/mem to be able to do stuff like that,
> > then IMO the way to go is to change when /proc/$pid/mem uses
> > FOLL_FORCE, or to limit overall write access to /proc/$pid/mem.
>
> Yeah, all reasonable. I just wish we could ditch FOLL_FORCE; it continues
> to weird me out how powerful that fd's side-effects are.

Could you remove FOLL_FORCE from /proc/$pid/mem and add a
/proc/$pid/mem_force that enable FOLL_FORCE but requires root
(or similar) access.

Although I suspect gdb may like to have write access to
code?

David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Next message: Stephen Rothwell: "linux-next: manual merge of the mm tree with the drm tree"
Previous message: Borislav Petkov: "[GIT PULL] x86/core for 6.1"
In reply to: Kees Cook: "Re: [PATCH v2 00/39] Shadowstacks for userspace"
Next in thread: Kees Cook: "Re: [PATCH v2 00/39] Shadowstacks for userspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]