Re: [PATCH] proc: add config to block FOLL_FORCE in mem writes

From: Kees Cook
Date: Wed Jul 17 2024 - 17:28:55 EST

Next message: Suren Baghdasaryan: "[PATCH v3 1/1] alloc_tag: outline and export free_reserved_page()"
Previous message: Pawel Dembicki: "[PATCH net-next v2 1/2] net: dsa: vsc73xx: make RGMII delays configurable"
In reply to: Eric Biggers: "Re: [PATCH] proc: add config to block FOLL_FORCE in mem writes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jul 17, 2024 at 01:53:35PM -0700, Eric Biggers wrote:
> On Wed, Jul 17, 2024 at 02:13:58PM +0300, Adrian Ratiu wrote:
> > +config SECURITY_PROC_MEM_RESTRICT_FOLL_FORCE
> > + bool "Remove FOLL_FORCE usage from /proc/pid/mem writes"
> > + default n
> > + help
> > + This restricts FOLL_FORCE flag usage in procfs mem write calls
> > + because it bypasses memory permission checks and can be used by
> > + attackers to manipulate process memory contents that would be
> > + otherwise protected.
> > +
> > + Enabling this will break GDB, gdbserver and other debuggers
> > + which require FOLL_FORCE for basic functionalities.
> > +
> > + If you are unsure how to answer this question, answer N.
>
> FOLL_FORCE is an internal flag, and people who aren't kernel developers aren't
> going to know what it is. Could this option be named and documented in a way
> that would be more understandable to people who aren't kernel developers? What
> is the effect on how /proc/pid/mem behaves?

"Do not bypass RO memory permissions via /proc/$pid/mem writes" ?

--
Kees Cook

Next message: Suren Baghdasaryan: "[PATCH v3 1/1] alloc_tag: outline and export free_reserved_page()"
Previous message: Pawel Dembicki: "[PATCH net-next v2 1/2] net: dsa: vsc73xx: make RGMII delays configurable"
In reply to: Eric Biggers: "Re: [PATCH] proc: add config to block FOLL_FORCE in mem writes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]