Re: 2.2 imminent.. /proc security fix?

Mitchell Blank Jr (mitch@execpc.com)
Wed, 14 Oct 1998 06:49:02 -0500


Chris Wedgwood wrote:
> > The fix stops someone holding open "/proc/<pid>/*" files, letting
> > the process exit, then waiting for "pid" to be re-used, gaining
> > read access to semi-sensitive info.
>
> My preferred fix to this, not possible in 2.2.x time is to make uid_t
> 32-bit (although this only buys us time... no doubt DaveM or someone
> will have a sparc-something that can wrap that in a couple of years).

A 32-bit uid_t would be great for lots of reasons... it's not unthinkable
that in the near future people will want to be able to run 80,000 processes
on their large servers. I believe Solaris 2.7 is supposed to include
this.

As for the /proc/PID/* problem, the fix is to just check permissions on each
read (I believe this is also done in the latest 2.0's). The long
term solution would be to have a 64 bit process number that is used
internally in procfs. We shouldn't try to just guarantee that the PID
itself won't be reused - it gets hairy if in the future we want to move
to random PIDs (like OpenBSD) or some other scheme.

-Mitch
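
Added example, not part of the original message and not kernel code: a toy user-space C model of the two fixes described above (re-checking permissions on each read, and a never-reused 64-bit internal process number). All names (`struct task`, `proc_open`, `read_check_id` and so on) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy user-space model (hypothetical names, not kernel code). */
struct task   { int pid, uid, alive; uint64_t id; };  /* id is never reused */
struct handle { int pid, uid; uint64_t id; };         /* state saved at open */

static struct task table[4];
static uint64_t next_id = 1;

static struct task *find(int pid) {
    for (size_t i = 0; i < 4; i++)
        if (table[i].alive && table[i].pid == pid) return &table[i];
    return NULL;
}
static int spawn(int pid, int uid) {
    for (size_t i = 0; i < 4; i++)
        if (!table[i].alive) {
            table[i] = (struct task){ pid, uid, 1, next_id++ };
            return 0;
        }
    return -1;
}
static void task_exit(int pid) { struct task *t = find(pid); if (t) t->alive = 0; }
static int may_read(const struct task *t, int uid) { return uid == 0 || t->uid == uid; }

/* Permission is checked here; the handle records who opened what. */
static int proc_open(struct handle *h, int pid, int uid) {
    struct task *t = find(pid);
    if (!t || !may_read(t, uid)) return -1;
    *h = (struct handle){ pid, uid, t->id };
    return 0;
}
/* Flawed: trusts the open-time check and resolves by PID alone. */
static int read_open_check_only(const struct handle *h) {
    return find(h->pid) ? 0 : -1;
}
/* Short-term fix: repeat the permission check on every read. */
static int read_check_each_time(const struct handle *h) {
    struct task *t = find(h->pid);
    return (t && may_read(t, h->uid)) ? 0 : -1;
}
/* Long-term fix: also require the never-reused internal id to match. */
static int read_check_id(const struct handle *h) {
    struct task *t = find(h->pid);
    return (t && t->id == h->id && may_read(t, h->uid)) ? 0 : -1;
}
```

When the PID is reused by a process with the same owner, the per-read permission check still passes against the new process; only the internal-id comparison rejects the stale handle.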
