On Wed, Jun 12, 2024 at 07:13:41PM +0100, Adrian Ratiu wrote:
> Would macros like the following be acceptable?
> I know it's more verbose but also much easier to understand and it works.
>
> #if IS_ENABLED(CONFIG_PROC_MEM_RESTRICT_OPEN_READ_ALL)
> DEFINE_STATIC_KEY_TRUE_RO(proc_mem_restrict_open_r
On Thursday, June 06, 2024 20:45 EEST, Kees Cook wrote:
> On Wed, Jun 05, 2024 at 07:49:31PM +0300, Adrian Ratiu wrote:
> > + proc_mem.restrict_foll_force= [KNL]
> > + Format: {all | ptracer}
> > + Restricts the use of the FOLL_FORCE flag for
> > /proc/*/mem
On Wed, Jun 05, 2024 at 07:49:31PM +0300, Adrian Ratiu wrote:
> + proc_mem.restrict_foll_force= [KNL]
> + Format: {all | ptracer}
> + Restricts the use of the FOLL_FORCE flag for
> /proc/*/mem access.
> + If restricted, the FOLL_FORCE
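Review bot: The Format line lists only {all | ptracer}, and the visible description begins at "If restricted", so the entry as shown never says what happens when proc_mem.restrict_foll_force= is not given on the command line. Suggest adding a sentence that states the default behaviour, and one that defines "ptracer" precisely (for example, whether it means a task currently attached to the target via ptrace), since an administrator choosing between the two values needs both to judge what is still allowed to use FOLL_FORCE on /proc/*/mem.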
Prior to v2.6.39 write access to /proc/<pid>/mem was restricted,
after which it got allowed in commit 198214a7ee50 ("proc: enable
writing to /proc/pid/mem"). Famous last words from that patch:
"no longer a security hazard". :)
Afterwards exploits started causing drama like [1]. The exploits
using /proc