linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Albert Cahalan <acahalan@gmail.com>
To: Arjan van de Ven <arjan@infradead.org>
Cc: "Albert D. Cahalan" <acahalan@cs.uml.edu>,
	Al Viro <viro@ftp.linux.org.uk>,
	linux-kernel@vger.kernel.org, akpm@osdl.org
Subject: Re: [PATCH 4/4] pmap: reduced permissions
Date: Mon, 23 Jan 2006 04:28:33 -0500	[thread overview]
Message-ID: <787b0d920601230128o5a12513fjae3708e3fb552dca@mail.gmail.com> (raw)
In-Reply-To: <1137996654.2977.0.camel@laptopd505.fenrus.org>

On 1/23/06, Arjan van de Ven <arjan@infradead.org> wrote:
> On Sun, 2006-01-22 at 17:19 -0500, Albert D. Cahalan wrote:
> > This patch changes all 3 remaining maps files to be readable
> > only for the file owner. There have been privacy concerns.
> >
> > Fedora Core 4 has been shipping with such permissions on
> > the /proc/*/maps file already. General system monitoring
> > tools seldom use these files.
>
> changing /maps to 0400 breaks glibc; there are cases where this would
> lead to /proc/self/maps to be not readable (setuid like apps) so this
> needs a more elaborate fix.

Wow. Well, that's why I put the patch last in the series.
The other 3 don't depend on it at all.

I tend to think that glibc should not be reading this file.
What excuse is there?

In any case, the many existing statically linked executables
do cause trouble. Setuid apps are the ones you'd most want
to protect. Allowing them to read their own files can cause
plenty of trouble; perhaps you remember the XFree86 config
file bug that exposed the content of files that were not meant
to be readable.

On the other hand, these apps are the ones you'd most want
to recompile with modern tools. (PIE executable, stack canary,
no-execute stack flag, etc.)

I'm actually surprised that processes don't always get to read
their own files. If somebody hacks this up, be sure to base it
on the tgid. (or, better, on the struct mm)

  reply	other threads:[~2006-01-23  9:35 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-01-22 22:19 [PATCH 4/4] pmap: reduced permissions Albert D. Cahalan
2006-01-23  6:10 ` Arjan van de Ven
2006-01-23  9:28   ` Albert Cahalan [this message]
2006-01-23  9:41     ` Arjan van de Ven
2006-01-23 10:20       ` Albert Cahalan
2006-01-25 23:47         ` Nix
2006-01-26  1:45           ` Albert Cahalan
2006-01-26  7:21             ` Arjan van de Ven
2006-01-26  7:54             ` Nix

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=787b0d920601230128o5a12513fjae3708e3fb552dca@mail.gmail.com \
    --to=acahalan@gmail.com \
    --cc=acahalan@cs.uml.edu \
    --cc=akpm@osdl.org \
    --cc=arjan@infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=viro@ftp.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).