FEX-Emu/linux
1
0
Fork 0
mirror of https://github.com/FEX-Emu/linux.git synced 2024-12-14 21:01:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
5096add84b
linux/fs/proc
History
Kees Cook 5096add84b proc: maps protection 
The /proc/pid/ "maps", "smaps", and "numa_maps" files contain sensitive
information about the memory location and usage of processes.  Issues:

- maps should not be world-readable, especially if programs expect any
  kind of ASLR protection from local attackers.
- maps cannot just be 0400 because "-D_FORTIFY_SOURCE=2 -O2" makes glibc
  check the maps when %n is in a *printf call, and a setuid(getuid())
  process wouldn't be able to read its own maps file.  (For reference
  see http://lkml.org/lkml/2006/1/22/150)
- a system-wide toggle is needed to allow prior behavior in the case of
  non-root applications that depend on access to the maps contents.

This change implements a check using "ptrace_may_attach" before allowing
access to read the maps contents.  To control this protection, the new knob
/proc/sys/kernel/maps_protect has been added, with corresponding updates to
the procfs documentation.

[akpm@linux-foundation.org: build fixes]
[akpm@linux-foundation.org: New sysctl numbers are old hat]
Signed-off-by: Kees Cook <kees@outflux.net>
Cc: Arjan van de Ven <arjan@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-08 11:15:02 -07:00
..
array.c reduce size of task_struct on 64-bit machines 2007-05-08 11:14:58 -07:00
base.c proc: maps protection 2007-05-08 11:15:02 -07:00
generic.c Fix race between proc_readdir and remove_proc_entry 2007-05-08 11:15:02 -07:00
inode-alloc.txt
inode.c proc: remove pathetic ->deleted WARN_ON 2007-05-08 11:15:02 -07:00
internal.h proc: maps protection 2007-05-08 11:15:02 -07:00
kcore.c [PATCH] elf: fix kcore note size calculation 2006-12-07 08:39:38 -08:00
kmsg.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
Makefile [PATCH] Fix kernel build with EMBEDDED & PROC_FS & !PROC_SYSCTL 2007-03-27 09:05:16 -07:00
mmu.c
nommu.c [PATCH] mark struct file_operations const 6 2007-02-12 09:48:45 -08:00
proc_devtree.c [POWERPC] Make struct property's value a void * 2007-04-13 03:55:18 +10:00
proc_misc.c mm/slab.c: proper prototypes 2007-05-07 12:12:52 -07:00
proc_sysctl.c [PATCH] sysctl: hide the sysctl proc inodes from selinux 2007-02-14 08:10:00 -08:00
proc_tty.c [PATCH] mark struct file_operations const 6 2007-02-12 09:48:45 -08:00
root.c [PATCH] proc: fix linkage with CONFIG_SYSCTL=y, CONFIG_PROC_SYSCTL=n 2007-04-02 10:06:08 -07:00
task_mmu.c proc: maps protection 2007-05-08 11:15:02 -07:00
task_nommu.c proc: maps protection 2007-05-08 11:15:02 -07:00
vmcore.c [PATCH] i386: Allow i386 crash kernels to handle x86_64 dumps 2007-05-02 19:27:09 +02:00