Re: /proc/[pid]/mem write implications

From: Cong Wang
Date: Sat Jan 28 2012 - 22:37:09 EST


On 01/29/2012 09:32 AM, Bryan Jacobs wrote:
Dear LKML,

I have a few questions on the recent change to allow writing
to /proc/[pid]/mem. If I understand correctly, the recent
privilege-escalation vulnerability was fundamentally caused by
incorrectly verifying that the memory being written to by a process was
its own. The goal was to only allow processes to write to their own
memory space - this was deemed harmless.


Well, the more fundamental vulnerability is that the check was done in write(2) instead of open(2), which leaves a window for exploits.


But I think that allowing arbitrary processes to write to **their own**
memory via a file descriptor might in itself be problematic. Please,
help me understand how this is safe.

You will have a sysctl to control if it is writable.

Thanks.
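The mechanism the thread is debating, a process writing to its own memory through a file descriptor, as an added C example that is not part of the original mail: it opens /proc/self/mem, uses pwrite(2) at the address of one of its own variables, and checks that the variable changed. It assumes a Linux kernel that permits a process to write its own /proc/self/mem; the function names and sample values are constructed for the demonstration, and a refusal by the kernel is reported rather than treated as an error.

```c
#define _GNU_SOURCE
#define _FILE_OFFSET_BITS 64
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Write `len` bytes from `src` to this process's own address `addr`
 * through /proc/self/mem instead of by direct assignment.
 * Returns 1 if the kernel accepted the write and the target changed,
 * 0 if the kernel refused it (open or pwrite failed),
 * -1 on a partial write or a mismatch afterwards. */
static int write_own_memory(void *addr, const void *src, size_t len)
{
    int fd = open("/proc/self/mem", O_RDWR);
    if (fd < 0) {
        perror("open /proc/self/mem");
        return 0;
    }
    /* The file offset is the virtual address in the target's address space. */
    ssize_t n = pwrite(fd, src, len, (off_t)(uintptr_t)addr);
    int saved = errno;
    close(fd);
    if (n < 0) {
        errno = saved;
        perror("pwrite /proc/self/mem");
        return 0;
    }
    if ((size_t)n != len)
        return -1;
    return memcmp(addr, src, len) == 0 ? 1 : -1;
}

/* Demonstration: overwrite a stack variable of this process via the fd.
 * Returns the result of write_own_memory(). */
int demo_self_write(void)
{
    volatile int target = 0x11111111;      /* constructed sample value */
    int replacement = 0x22222222;          /* constructed sample value */
    int rc = write_own_memory((void *)&target, &replacement, sizeof target);
    if (rc == 1)
        printf("target is now 0x%x, written through /proc/self/mem\n", target);
    return rc;
}

int main(void)
{
    return demo_self_write() == 1 ? 0 : 1;
}
```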