linux-kernel.vger.kernel.org archive mirror
From: Arjan van de Ven <arjan@infradead.org>
To: Albert Cahalan <acahalan@gmail.com>
Cc: "Albert D. Cahalan" <acahalan@cs.uml.edu>,
	Al Viro <viro@ftp.linux.org.uk>,
	linux-kernel@vger.kernel.org, akpm@osdl.org
Subject: Re: [PATCH 4/4] pmap: reduced permissions
Date: Mon, 23 Jan 2006 10:41:45 +0100
Message-ID: <1138009305.2977.28.camel@laptopd505.fenrus.org>
In-Reply-To: <787b0d920601230128o5a12513fjae3708e3fb552dca@mail.gmail.com>

On Mon, 2006-01-23 at 04:28 -0500, Albert Cahalan wrote:
> On 1/23/06, Arjan van de Ven <arjan@infradead.org> wrote:
> > On Sun, 2006-01-22 at 17:19 -0500, Albert D. Cahalan wrote:
> > > This patch changes all 3 remaining maps files to be readable
> > > only for the file owner. There have been privacy concerns.
> > >
> > > Fedora Core 4 has been shipping with such permissions on
> > > the /proc/*/maps file already. General system monitoring
> > > tools seldom use these files.
> >
> > changing /maps to 0400 breaks glibc; there are cases where this would
> > lead to /proc/self/maps to be not readable (setuid like apps) so this
> > needs a more elaborate fix.
> 
> Wow. Well, that's why I put the patch last in the series.
> The other 3 don't depend on it at all.
> 
> I tend to think that glibc should not be reading this file.
> What excuse is there?

glibc needs to be able to find out if a certain address is writable (e.g.
mapped "w"). The only way available for that is... reading the maps
file.


> In any case, the many existing statically linked executables
> do cause trouble. Setuid apps are the ones you'd most want
> to protect.

for this 0400 isn't enough, because you can open this file, send the fd
over a unix socket, and then exec. The process you sent the fd to can
then read the setuid program's maps file.

This thing is all a bit more complex than just the file mode ;(
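
The lookup the message says glibc depends on (is a given address mapped "w"?), as an added example that is not glibc's code and not part of the original message. The function names are hypothetical; a return of -2 marks the case where /proc/self/maps cannot be opened, which is what a caller has to handle if the file becomes unreadable.

```c
#include <stdio.h>
#include <string.h>

/* One maps line: "start-end perms offset dev inode [path]".
 * Returns 1 if addr is in range and perms has 'w', 0 if in range without
 * 'w', -1 if the line does not cover addr or does not parse. */
int maps_line_writable(const char *line, unsigned long addr)
{
    unsigned long start, end;
    char perms[5];
    if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) != 3)
        return -1;
    if (strlen(perms) != 4 || addr < start || addr >= end)
        return -1;                  /* end address is exclusive */
    return perms[1] == 'w';
}

/* Scan a maps stream; -1 means no mapping covers addr. */
int maps_stream_writable(FILE *maps, unsigned long addr)
{
    char line[256];
    int r, line_start = 1;
    while (fgets(line, sizeof line, maps)) {
        /* Parse only chunks that begin a line; a long path spans chunks. */
        r = line_start ? maps_line_writable(line, addr) : -1;
        line_start = strchr(line, '\n') != NULL;
        if (r >= 0)
            return r;
    }
    return -1;
}

/* Live lookup; -2 means /proc/self/maps could not be opened at all. */
int addr_writable(const void *p)
{
    FILE *f = fopen("/proc/self/maps", "r");
    int r;
    if (!f)
        return -2;
    r = maps_stream_writable(f, (unsigned long)p);
    fclose(f);
    return r;
}

int main(void)
{
    static int data;                /* .bss, expected writable */
    printf("data: %d  literal: %d\n", addr_writable(&data), addr_writable("ro"));
    return 0;
}
```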


Thread overview: 9+ messages
2006-01-22 22:19 [PATCH 4/4] pmap: reduced permissions Albert D. Cahalan
2006-01-23  6:10 ` Arjan van de Ven
2006-01-23  9:28   ` Albert Cahalan
2006-01-23  9:41     ` Arjan van de Ven [this message]
2006-01-23 10:20       ` Albert Cahalan
2006-01-25 23:47         ` Nix
2006-01-26  1:45           ` Albert Cahalan
2006-01-26  7:21             ` Arjan van de Ven
2006-01-26  7:54             ` Nix
