|
Message-Id: <1380659178-28605-4-git-send-email-tixxdz@opendz.org> Date: Tue, 1 Oct 2013 21:26:12 +0100 From: Djalal Harouni <tixxdz@...ndz.org> To: "Eric W. Biederman" <ebiederm@...ssion.com>, Kees Cook <keescook@...omium.org>, Al Viro <viro@...iv.linux.org.uk>, Andrew Morton <akpm@...ux-foundation.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Ingo Molnar <mingo@...nel.org>, "Serge E. Hallyn" <serge.hallyn@...ntu.com>, Cyrill Gorcunov <gorcunov@...nvz.org>, David Rientjes <rientjes@...gle.com>, LKML <linux-kernel@...r.kernel.org>, linux-fsdevel@...r.kernel.org, kernel-hardening@...ts.openwall.com Cc: tixxdz@...il.com, Djalal Harouni <tixxdz@...ndz.org> Subject: [PATCH v2 3/9] procfs: Document the proposed solution to protect procfs entries Note the proposed solution to protect sensitive procfs entries as code comment. Cc: Kees Cook <keescook@...omium.org> Suggested-by: Eric W. Biederman <ebiederm@...ssion.com> Signed-off-by: Djalal Harouni <tixxdz@...ndz.org> --- fs/proc/base.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/fs/proc/base.c b/fs/proc/base.c index c29eeae..8d21316 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -102,6 +102,17 @@ * * The classic example of a problem is opening file descriptors * in /proc for a task before it execs a suid executable. + * + * Solution for sensitive files: + * At each system call: open(),read(),write()... Perform the + * ptrace_may_access() check. + * + * After open() and during each system call: read(),write()... + * If the cred of current have changed then perform the + * proc_allow_access() check after the ptrace_may_access() one. + * + * This way we can determine if current has gained more privileges + * by execs a suid executable. */ struct pid_entry { -- 1.7.11.7
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.