Re: [PATCH v2] proc: allow restricting /proc/pid/mem writes

From: Kees Cook
Date: Mon Mar 04 2024 - 12:56:17 EST


On Mon, Mar 04, 2024 at 02:35:29PM +0000, Adrian Ratiu wrote:
> Yes, easy to block and also respect page permissions (can't write
> read-only memory) as well as require ptrace access anyway by checking
> PTRACE_MODE_ATTACH_REALCREDS.

Right, I don't think process_vm_writev() ignores page permissions? i.e. I
don't see where it is using FOLL_FORCE, which is one of the central
problems with /proc/$pid/mem. (Which reminds me, this is worth mentioning
more explicitly in the commit log for v3.)

--
Kees Cook
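
An added example, not part of the message above or of the patch under discussion: a C program that tries to overwrite one byte of its own read-only page, first with process_vm_writev() and then through /proc/self/mem, to compare how each path treats page permissions. The helper names are hypothetical, and the /proc/self/mem result depends on the running kernel's configuration and on any sandbox in place.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/uio.h>
#include <unistd.h>

/* Hypothetical helper: one private page filled with 'A', then made read-only. */
static char *ro_page(void)
{
    long sz = sysconf(_SC_PAGESIZE);
    char *p = mmap(NULL, sz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    memset(p, 'A', sz);
    return mprotect(p, sz, PROT_READ) == 0 ? p : NULL;
}

/* Write one byte into our own address space with process_vm_writev().
 * Returns the number of bytes written, or -1 on failure. */
static ssize_t write_via_vm_writev(char *dst, char val)
{
    struct iovec local = { .iov_base = &val, .iov_len = 1 };
    struct iovec remote = { .iov_base = dst, .iov_len = 1 };
    return process_vm_writev(getpid(), &local, 1, &remote, 1, 0);
}

/* The same one-byte write, issued through /proc/self/mem instead.
 * Where the kernel applies FOLL_FORCE on this path, it can succeed. */
static ssize_t write_via_proc_mem(char *dst, char val)
{
    int fd = open("/proc/self/mem", O_RDWR);
    if (fd < 0)
        return -1;
    ssize_t n = pwrite(fd, &val, 1, (off_t)(uintptr_t)dst);
    close(fd);
    return n;
}

int main(void)
{
    volatile char *p = ro_page();
    if (!p)
        return 1;
    printf("process_vm_writev: ret=%zd ", write_via_vm_writev((char *)p, 'B'));
    printf("byte=%c\n", p[0]);
    printf("/proc/self/mem:    ret=%zd ", write_via_proc_mem((char *)p, 'C'));
    printf("byte=%c\n", p[0]);
    return 0;
}
```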