[PATCH v2 0/3] fix SELinux W^X bypass via ptrace
From: Jann Horn
Date: Wed Sep 28 2016 - 18:55:04 EST
This fixes a bypass of SELinux' W^X protection via ptrace.
For more details, see the commit messages of patches 2/3 and 3/3.
Jann Horn (3):
fs/exec: don't force writing memory access
mm: add LSM hook for writes to readonly memory
selinux: require EXECMEM for forced ptrace poke
drivers/gpu/drm/etnaviv/etnaviv_gem.c | 3 +-
drivers/gpu/drm/i915/i915_gem_userptr.c | 2 +-
drivers/infiniband/core/umem_odp.c | 4 +-
fs/exec.c | 4 +-
fs/proc/base.c | 68 +++++++++++++++++++++-------
fs/proc/internal.h | 4 +-
fs/proc/task_mmu.c | 4 +-
fs/proc/task_nommu.c | 2 +-
include/linux/lsm_hooks.h | 9 ++++
include/linux/mm.h | 12 ++++-
include/linux/sched.h | 4 +-
include/linux/security.h | 10 +++++
kernel/events/uprobes.c | 6 ++-
kernel/fork.c | 6 ++-
mm/gup.c | 80 +++++++++++++++++++++++++--------
mm/memory.c | 22 ++++++---
mm/nommu.c | 22 +++++----
mm/process_vm_access.c | 8 ++--
security/security.c | 8 ++++
security/selinux/hooks.c | 15 +++++++
security/tomoyo/domain.c | 2 +-
virt/kvm/async_pf.c | 3 +-
virt/kvm/kvm_main.c | 9 ++--
23 files changed, 230 insertions(+), 77 deletions(-)
--
2.1.4