* Why some user space programs write to writable pages of other processes?
@ 2019-08-26 9:32 Lev Olshvang
2019-08-26 10:34 ` Bharath Vedartham
0 siblings, 1 reply; 2+ messages in thread
From: Lev Olshvang @ 2019-08-26 9:32 UTC (permalink / raw)
To: kernelnewbies
[-- Attachment #1: Type: text/html, Size: 2034 bytes --]
[-- Attachment #2: Type: text/plain, Size: 170 bytes --]
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Why some user space programs write to writable pages of other processes?
2019-08-26 9:32 Why some user space programs write to writable pages of other processes? Lev Olshvang
@ 2019-08-26 10:34 ` Bharath Vedartham
0 siblings, 0 replies; 2+ messages in thread
From: Bharath Vedartham @ 2019-08-26 10:34 UTC (permalink / raw)
To: Lev Olshvang; +Cc: kernelnewbies
On Mon, Aug 26, 2019 at 12:32:03PM +0300, Lev Olshvang wrote:
> <div> </div><div> </div><div>I am in the process of developing patch to restrict process ability to write to other process read-only patch.</div><div> </div><div>I have sent this patch to kernel-hardening list and waiting for a comments (this is my first patch to kernel)</div><div>https://www.openwall.com/lists/kernel-hardening/2019/08/24/1</div><div> </div><div> </div><div>Meanwhie I started to explore idea of restricting process from writes to write enabled pages of another process vma.</div><div> </div><div>To my surprise ( I am not such esperienced) many processes , systemd-journal, Xorg, dbus-server, konsole were caught by highlkighted if below, but system continues to WORK NORMALLY !</div><div> </div><div>Can somedody to comment please ?</div><div> </div><div>Here is the code snippet of function arch_vma_access_permitted()</div><div><div>static inline bool arch_vma_access_permitted(struct vm_area_struct *vma,</div><div> bool write, bool execute, bool foreign)</div><div>{<!-- --></div><div> </div><div> </div><div> /* Forbid write to PROT_READ pages of foreign process */</div><div> if (write && foreign && (!(vma->vm_flags & VM_WRITE)))</div><div> return false;</div><div> <strong>/* Forbid write to write-enabled of foreign process */</strong></div><div><strong> if (current->mm && current->mm != vma->vm_mm){<!-- --></strong></div><div><strong> if (current->in_execve) {<!-- --></strong></div><div><strong> return true;</strong></div><div><strong> }</strong></div><div><strong> </strong></div><div><strong> pr_err("FOREIGN WRITE? current->mm != vma->vm_mm pid %d \n", current->pid);</strong></div><div><strong> return false;</strong></div><div><strong> }</strong></div><div> </div><div> </div><div> </div></div>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies@kernelnewbies.org
> https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
Hi Lev,
You sent this email as a html email rather than plain text. The only
thing that appears on my mutt mail client is a bunch of gibberish html.
You should send mails to the mailing lists by a plain text client like
mutt, thunderbird etc.
Thank you
Bharath
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-08-26 10:36 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-26 9:32 Why some user space programs write to writable pages of other processes? Lev Olshvang
2019-08-26 10:34 ` Bharath Vedartham
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).