[Resend] [PATCH 0/2] procfs: make /proc/*/{stack,syscall,pagemap} 0400

From: Djalal Harouni
Date: Sun Dec 15 2013 - 14:08:42 EST


The following patches make /proc/*/{stack,syscall,personality,pagemap}
0400.

These files contain sensitive information that can be used by an
unprivileged process to leak address space and bypass ASLR.


This is a resend, the original discussion:
https://lkml.org/lkml/2013/8/26/354

Ended by confirming this, and Kees Cook Acked the first patch.

Kees Cook also confirmed the security exposure here:
https://lkml.org/lkml/2013/8/28/564


So these patches only restore the original 0400 mode that will make
the VFS able to block unprivileged processes from getting file
descriptors on arbitrary privileged
/proc/*/{stack,syscall,personality,pagemap} files.


>From the first discussion no one picked the patches, so I included them
in the "procfs: protect /proc/*/* entries with file->f_cred" series:
https://lkml.org/lkml/2013/10/1/371

However, that attempt failed to have a general aggreemnt, so I'm
resending again but _only_ those two patches.

At least we have a VFS protection for now.


Djalal Harouni (2):
procfs: make /proc/*/{stack,syscall,personality} 0400
procfs: make /proc/*/pagemap 0400

fs/proc/base.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/