Re: [REVIEW][PATCH 2/3] ptrace: Don't allow accessing an undumpable mm

From: Kees Cook
Date: Thu Nov 17 2016 - 18:17:35 EST


On Thu, Nov 17, 2016 at 2:50 PM, Eric W. Biederman
<ebiederm@xxxxxxxxxxxx> wrote:
>
> It is the reasonable expectation that if an executable file is not
> readable there will be no way for a user without special privileges to
> read the file. This is enforced in ptrace_attach but if ptrace
> is already attached before exec there is no enforcement for read-only
> executables.

Given the corner cases being fixed here, it might make sense to add
some simple tests to tools/testing/selftests/ptrace/ to validate these
changes and avoid future regressions.

Regardless, it'll be nice to have this fixed. :)

-Kees

--
Kees Cook
Nexus Security