[PATCH 0/2] restrict statistics information to user

From: Vasiliy Kulikov
Date: Fri Jun 24 2011 - 08:08:45 EST

Next message: Vasiliy Kulikov: "[PATCH 1/2] proc: restrict access to /proc/PID/io"
Previous message: Mark Brown: "Re: [alsa-devel] [PATCH 1/3] ASoC: Add ADAV80x codec driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

taskstats and /proc/PID/io may be used for gathering private
information. E.g. for openssh and vsftpd daemons wchars/rchars may be
used to learn the precise password length (pass_len = w_chars - CONST).
Restrict it to user.

The simplified proof learning whether ~*/.ssh/authorized_keys file
exists is posted here:
http://www.openwall.com/lists/oss-security/2011/06/21/12

Vasiliy Kulikov (2):
proc: restrict access to /proc/PID/io
taskstats: restrict access to user

fs/proc/base.c | 7 +++++--
kernel/taskstats.c | 23 ++++++++++++++++++++++-
2 files changed, 27 insertions(+), 3 deletions(-)

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Vasiliy Kulikov: "[PATCH 1/2] proc: restrict access to /proc/PID/io"
Previous message: Mark Brown: "Re: [alsa-devel] [PATCH 1/3] ASoC: Add ADAV80x codec driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]