[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 0/9] proc: protect /proc/<pid>/* files across execve



Djalal Harouni <tixxdz@xxxxxxxxxx> writes:

> Procfs files and other important objects may contain sensitive information
> which must not be seen, inherited or processed across execve.

So I am dense.  /proc/<pid>/mem was special in that it uses a different
set of checks than other files, and to do those access checks
/proc/<pid>/mem needed to look at exec_id.

For all of the access checks that are not written in that silly way.
What is wrong with ptrace_may_access run at every read/write of a file?

We redo all of the permission checks every time so that should avoid
races.

I really think you are trying to solve something that is not broken.
Certainly I could not see your argument for why anything but
/proc/<pid>/mem needs attention.

Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]

Powered by Linux