Re: + mm-relax-ptrace-mode-in-process_vm_readv2.patch added to -mm tree

From: Alexey Dobriyan
Date: Tue Mar 06 2018 - 12:42:29 EST


On Mon, Mar 05, 2018 at 05:02:08PM -0800, Kees Cook wrote:
> On Mon, Mar 5, 2018 at 4:07 PM, <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:

> > It is more natural to check for read-from-memory permissions in case of
> > process_vm_readv() as PTRACE_MODE_ATTACH is equivalent to write
> > permissions.
>
> NAK, this weakens the existing permission model for reading

What if the existing permission model is overzealous?

/proc/*/auxv, /proc/*/environ, /proc/*/cmdline, /proc/*/mem opened
for reading and process_vm_readv(2) should do PTRACE_MODE_READ and
everything else should do PTRACE_MODE_ATTACH.

> cross-process memory. ptrace-readable memory can only be done with
> ATTACH, and /proc/$pid/mem also requires ATTACH:
>
> static int mem_open(struct inode *inode, struct file *file)
> {
> 	int ret = __mem_open(inode, file, PTRACE_MODE_ATTACH);
>
> Only auxv and environ use READ. We should absolutely not create a pass
> to a lower permission requirement here.