Kernel Newbies archive on lore.kernel.org
* Why some user space programs write to writable pages of other processes?
@ 2019-08-26  9:32 Lev Olshvang
  2019-08-26 10:34 ` Bharath Vedartham
  0 siblings, 1 reply; 2+ messages in thread
From: Lev Olshvang @ 2019-08-26  9:32 UTC (permalink / raw)
  To: kernelnewbies

[-- Attachment #1: Type: text/html, Size: 2034 bytes --]

I am in the process of developing a patch to restrict a process's ability to write to another process's read-only patch.

I have sent this patch to the kernel-hardening list and am waiting for comments (this is my first patch to the kernel):
https://www.openwall.com/lists/kernel-hardening/2019/08/24/1

Meanwhile I started to explore the idea of restricting a process from writing to write-enabled pages of another process's vma.

To my surprise (I am not that experienced), many processes (systemd-journal, Xorg, dbus-server, konsole) were caught by the highlighted if below, but the system continues to WORK NORMALLY!

Can somebody comment, please?

Here is the code snippet of function arch_vma_access_permitted():

static inline bool arch_vma_access_permitted(struct vm_area_struct *vma,
                bool write, bool execute, bool foreign)
{
        /* Forbid write to PROT_READ pages of foreign process */
        if (write && foreign && (!(vma->vm_flags & VM_WRITE)))
                return false;
        /* Forbid write to write-enabled of foreign process */
        if (current->mm &&  current->mm != vma->vm_mm){
                if (current->in_execve) {
                        return true;
                }

                pr_err("FOREIGN WRITE? current->mm != vma->vm_mm pid %d \n", current->pid);
                return false;
        }

[-- Attachment #2: Type: text/plain, Size: 170 bytes --]

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
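
An added example, not part of the original post or of the kernel source: a user-space model of the posted check that counts which combinations of `write` and `foreign` reach the highlighted block. The stand-in structs and the names `model_check` and `count_block2_hits` are hypothetical, the unused `execute` argument is dropped, and the cut-off tail of the function is assumed to permit the access.

```c
#include <stdbool.h>
#include <stdio.h>

/* Stand-ins for the kernel objects the posted snippet reads (hypothetical,
 * user-space only): just the fields the check touches. */
#define VM_WRITE 0x2UL
struct mm { int id; };
struct vma { unsigned long vm_flags; struct mm *vm_mm; };
struct task { struct mm *mm; bool in_execve; };

/* Same branch order as the posted check; `cur` replaces `current`.
 * Returns 0 = permitted, 1 = denied by the PROT_READ rule,
 * 2 = denied by the highlighted "foreign write" block.
 * Assumption: the cut-off tail of the function permits the access. */
static int model_check(const struct task *cur, const struct vma *vma,
                       bool write, bool foreign)
{
    if (write && foreign && !(vma->vm_flags & VM_WRITE))
        return 1;
    if (cur->mm && cur->mm != vma->vm_mm) {
        if (cur->in_execve)
            return 0;
        return 2;   /* reached without looking at `write` or `foreign` */
    }
    return 0;
}

/* Count how many of the four (write, foreign) combinations against another
 * process's writable VMA end in the highlighted block. */
static int count_block2_hits(bool in_execve)
{
    struct mm mine = {1}, theirs = {2};
    struct task cur = { &mine, in_execve };
    struct vma target = { VM_WRITE, &theirs };
    int hits = 0;

    for (int w = 0; w < 2; w++)
        for (int f = 0; f < 2; f++)
            if (model_check(&cur, &target, w, f) == 2)
                hits++;
    return hits;
}

int main(void)
{
    printf("block-2 hits, normal task: %d of 4\n", count_block2_hits(false));
    printf("block-2 hits, in execve:   %d of 4\n", count_block2_hits(true));
    return 0;
}
```

In the model, read accesses to another process's VMA reach the highlighted block just as writes do, because its condition tests neither `write` nor `foreign`.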


* Re: Why some user space programs write to writable pages of other processes?
  2019-08-26  9:32 Why some user space programs write to writable pages of other processes? Lev Olshvang
@ 2019-08-26 10:34 ` Bharath Vedartham
  0 siblings, 0 replies; 2+ messages in thread
From: Bharath Vedartham @ 2019-08-26 10:34 UTC (permalink / raw)
  To: Lev Olshvang; +Cc: kernelnewbies

On Mon, Aug 26, 2019 at 12:32:03PM +0300, Lev Olshvang wrote:
> I am in the process of developing a patch to restrict a process's ability to write to another process's read-only patch.
>
> I have sent this patch to the kernel-hardening list and am waiting for comments (this is my first patch to the kernel):
> https://www.openwall.com/lists/kernel-hardening/2019/08/24/1
>
> Meanwhile I started to explore the idea of restricting a process from writing to write-enabled pages of another process's vma.
>
> To my surprise (I am not that experienced), many processes (systemd-journal, Xorg, dbus-server, konsole) were caught by the highlighted if below, but the system continues to WORK NORMALLY!
>
> Can somebody comment, please?
>
> Here is the code snippet of function arch_vma_access_permitted():
>
> static inline bool arch_vma_access_permitted(struct vm_area_struct *vma,
>                 bool write, bool execute, bool foreign)
> {
>         /* Forbid write to PROT_READ pages of foreign process */
>         if (write && foreign && (!(vma->vm_flags & VM_WRITE)))
>                 return false;
>         /* Forbid write to write-enabled of foreign process */
>         if (current->mm &&  current->mm != vma->vm_mm){
>                 if (current->in_execve) {
>                         return true;
>                 }
>
>                 pr_err("FOREIGN WRITE? current->mm != vma->vm_mm pid %d \n", current->pid);
>                 return false;
>         }

Hi Lev,

You sent this email as an HTML email rather than plain text. The only
thing that appears on my mutt mail client is a bunch of gibberish HTML.

You should send mails to the mailing lists by a plain text client like
mutt, thunderbird etc.

Thank you
Bharath

