Re: /proc/*/mem and mmap() security hole?

Chris Evans (chris@ferret.lmh.ox.ac.uk)
Sat, 10 Jan 1998 14:09:47 +0000 (GMT)


On Fri, 9 Jan 1998, Iñaky Pérez González wrote:

> -rw------- 1 inaky inaky 0 Jan 9 13:51 mem
> ^^^^^^^^^^ Only root or me can mmap() this file

I did a brief test, and could not seem to mmap much at all. Anyone care to
post an example?

BTW: Why weren't we vulnerable to the *BSD security hole where a process
can exec() a suid process, and then mess with fd's to /proc/pid/mem? I
know we've disabled /proc/pid/mem writes, but can reads and mmaps be used
for dubious purposes?

BTW2: When I cat a /proc/pid/mem that I own, I get a "No such process"
error?! (2.0.x)

Cheers
Chris