Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec
From: James Morris
Date: Mon Feb 07 2011 - 22:43:27 EST
On Mon, 7 Feb 2011, Kees Cook wrote:
> Sure, I know about O_CLOEXEC, but this is about protecting the
> just-been-execed setuid process from the attacking process that has no
> reason to set O_CLOEXEC.
>
> Something like this needs to be enforced on the kernel side. I.e. these
> file in /proc need to have O_CLOEXEC set in a way that cannot be unset.
>
> > Changing the behavior in the core kernel will break userspace.
>
> I don't think /proc/$pid/* needs to stay open across execs, does it? Or at
> least the non-0444 files should be handled separately.
Actually, this seems like a more general kind of bug in proc rather than a
leaked fd. Each child task should only see its own /proc/[pid] data.
- James
--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/