Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 10 Mar 2012 16:01:09 -0800
From: Linus Torvalds <>
To: Djalal Harouni <>
	Andrew Morton <>, Al Viro <>, 
	Alexey Dobriyan <>, "Eric W. Biederman" <>, 
	Vasiliy Kulikov <>, Kees Cook <>, 
	Solar Designer <>, WANG Cong <>, 
	James Morris <>, Oleg Nesterov <>,,, 
	Alan Cox <>, Greg KH <>, 
	Ingo Molnar <>, Stephen Wilson <>, "Jason A. Donenfeld" <>
Subject: Re: [PATCH 0/9] proc: protect /proc/<pid>/* files across execve

On Sat, Mar 10, 2012 at 3:25 PM, Djalal Harouni <> wrote:
> 1) Use the target exec_id to bind files to their exec_id task:
> For the REG files /proc/<pid>/{environ,pagemap,mem} we set the exec_id
> of the proc_file_private to the target task, and we continue with
> permission checks at open time, later on each read/write call the
> permission checks are done + check the target exec_id if it equals the
> exec_id of the proc_file_private that was set at open time, in other words
> we bind the file to its task's exec_id, this way new exec programs can not
> operate on the passed fd.

So the exec_id approach was totally broken when it was used for
/proc/<pid>/mem, is there any reason to believe it's a good idea now?

It's entirely predictable, and you can make the exec_id match by
simply forking elsewhere and then passing the fd around using unix
domain sockets, since the exec_id is just updated by incrementing a

I would in general suggest strongly against using exec_id for anything
that involves files. It isn't designed for that, it's designed for the
whole "check the parent exec_id" thing for ptrace, where that whole
"pass things around to another process" approach doesn't work.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.