Re: /proc paranoia patch (1.2.13)

Marek Michalkiewicz (marekm@i17linuxb.ists.pwr.wroc.pl)
Thu, 28 Sep 1995 21:22:00 +0100 (MET)


Ian Jackson:
> I've been worried about security holes in the procfs - both real and
> potential - for some time. It seems, for example, sometimes to forget
> to change the ownerships of files like /proc/<pid>/fd when processes
> become undumpable (eg, by exec'ing setuid programs), and there have
> been reports of a security hole involving /proc/<pid>/mem and mmap.

I wrote the patch to change the owner of /proc files to root if the
dumpable flag is cleared. Could you tell me some more details about what
is wrong and how to reproduce the problem?

> I'd very much appreciate it if my patch were considered for inclusion
> in the standard kernel. It is so simple that it is unlikely to have
> any bugs that make matters worse than they are already.

I hope to see 1.2.14 soon too; there are a few other problems reported.
Here is a list just to make sure they are not forgotten (this happened
to /proc - the proc(4) man page last updated for 1.1.45 (!) says in the
BUGS section: "The /proc file system totally destroys the security of
your system. This needs fixing before 1.2", but in fact it was not
fixed before 1.2, unfortunately).

- /proc/<pid>/mem and mmap, strace reboot
- MAP_DENYWRITE denial of service, do it only files executable by user?
- IP firewalling: header overwrite
- setuid/setgid bits not cleared when the file is written by non-owner

Maybe we should have an official kernel bug database (like the one for
the Debian distribution) to make sure no bug is forgotten?

> (I have had to do one rather nasty hack: the procfs doesn't have a
> member of the superblock per-filesystem info union, so I have encoded
> the paranoid option into the root directory's sticky bit.)

Maybe we should add such a member for proc (this is not critical so it
might go in 1.3.x only) - it would be much easier to add new proc mount
options. Another mount option which would be useful is to allow the user
to see information about their own processes only. I have an account on
an old (but C2) SCO box which does just that: I can't see any processes
not owned by me using ps or w. This would be especially nice for programs
which need passwords as arguments (like smbclient).

Marek
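As an added defender-side illustration of the ownership problem discussed in this thread (this is example code written for this page, not Marek's patch and not kernel code): a small audit that compares the owner of each /proc/<pid>/fd directory with what the process's credentials suggest it should be. It assumes the modern /proc/<pid>/status layout with "Uid:" and "Gid:" lines (real, effective, saved, fs ids), which the 1.2-era kernel did not necessarily expose, and it uses "real and effective ids differ" as a heuristic for "dumpable flag cleared".

```python
import os
import re

# Constructed sample of the modern /proc/<pid>/status layout (assumption:
# "Uid:"/"Gid:" lines carry real, effective, saved and fs ids). The 1.2-era
# kernel discussed in the thread did not necessarily expose these lines.
SAMPLE_STATUS_SETUID = "Name:\tpasswd\nUid:\t1000\t0\t0\t0\nGid:\t1000\t1000\t1000\t1000\n"
SAMPLE_STATUS_PLAIN = "Name:\tbash\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\n"

def parse_ids(status_text, key):
    """Return (real, effective, saved, fs) ids from the Uid: or Gid: line."""
    m = re.search(rf"^{key}:\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)", status_text, re.M)
    if not m:
        raise ValueError(f"no {key}: line in status text")
    return tuple(int(x) for x in m.groups())

def expected_fd_owner(status_text):
    """Heuristic owner for /proc/<pid>/fd: root when the process looks
    non-dumpable (real and effective ids differ, as after exec of a setuid
    or setgid program), otherwise the effective uid. A dumpable flag cleared
    by other means (e.g. prctl) is not visible here, so those cases are missed."""
    ruid, euid, _, _ = parse_ids(status_text, "Uid")
    rgid, egid, _, _ = parse_ids(status_text, "Gid")
    return 0 if (ruid != euid or rgid != egid) else euid

def check_entry(pid, status_text, fd_owner):
    """Return (pid, expected, actual) when ownership disagrees, else None."""
    want = expected_fd_owner(status_text)
    return (pid, want, fd_owner) if want != fd_owner else None

def audit_live_proc(proc_root="/proc"):
    """Walk a real /proc tree; processes that exit mid-scan are skipped."""
    findings = []
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        try:
            with open(f"{proc_root}/{name}/status") as fh:
                status = fh.read()
            owner = os.stat(f"{proc_root}/{name}/fd").st_uid
        except OSError:
            continue
        hit = check_entry(int(name), status, owner)
        if hit:
            findings.append(hit)
    return findings

if __name__ == "__main__":
    for pid, want, got in audit_live_proc():
        print(f"pid {pid}: /proc/{pid}/fd owned by uid {got}, expected {want}")
```

Run as root to see every process; as an unprivileged user the scan only covers entries whose status file is readable.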