On Thursday, July 18, 2024 03:04 EEST, Linus Torvalds
wrote:
> On Wed, 17 Jul 2024 at 15:24, Kees Cook wrote:
> >
> > > In particular, this patch would make it easy to make that
> > > SECURITY_PROC_MEM_RESTRICT_FOLL_FORCE config option be a "choice"
> > > where you pick "never, ptrace, always"
On Wed, 17 Jul 2024 at 15:24, Kees Cook wrote:
>
> > In particular, this patch would make it easy to make that
> > SECURITY_PROC_MEM_RESTRICT_FOLL_FORCE config option be a "choice"
> > where you pick "never, ptrace, always" by just changing the rules in
> > proc_is_ptracing().
>
> So the original
On Wed, Jul 17, 2024 at 11:16:56AM -0700, Linus Torvalds wrote:
> On Wed, 17 Jul 2024 at 10:23, Kees Cook wrote:
> >
> > For this to be available for general distros, I still want to have a
> > bootparam to control this, otherwise this mitigation will never see much
> > testing as most kernel depl
On Wed, Jul 17, 2024 at 01:53:35PM -0700, Eric Biggers wrote:
> On Wed, Jul 17, 2024 at 02:13:58PM +0300, Adrian Ratiu wrote:
> > +config SECURITY_PROC_MEM_RESTRICT_FOLL_FORCE
> > + bool "Remove FOLL_FORCE usage from /proc/pid/mem writes"
> > + default n
> > + help
> > + This restricts FO
On Wed, Jul 17, 2024 at 02:13:58PM +0300, Adrian Ratiu wrote:
> +config SECURITY_PROC_MEM_RESTRICT_FOLL_FORCE
> + bool "Remove FOLL_FORCE usage from /proc/pid/mem writes"
> + default n
> + help
> + This restricts FOLL_FORCE flag usage in procfs mem write calls
> + because it
On Wed, 17 Jul 2024 at 10:23, Kees Cook wrote:
>
> For this to be available for general distros, I still want to have a
> bootparam to control this, otherwise this mitigation will never see much
> testing as most kernel deployments don't build their own kernels. A
> simple __ro_after_init variable
On Wed, Jul 17, 2024 at 02:13:58PM +0300, Adrian Ratiu wrote:
> This simple Kconfig option removes the FOLL_FORCE flag from
> procfs write calls because it can be abused.
For this to be available for general distros, I still want to have a
bootparam to control this, otherwise this mitigation will
This simple Kconfig option removes the FOLL_FORCE flag from
procfs write calls because it can be abused.
Enabling it breaks some debuggers like GDB so it defaults off.
Previously we tried a more sophisticated approach allowing
distributions to fine-tune proc/pid/mem behaviour via both
kconfig and
