Date: Wed, 2 Nov 2016 05:42:41 +0200 From: Marian Marinov <mm-l@...u.biz> To: kernel-hardening@...ts.openwall.com Subject: Legitimate use of /proc/PID/mem,maps and smaps Hi guys, after dirtyCoW me and colleges of mine started discussing different vectors of exploiting applications and we noticed that a lot of the exploits we were discussing relied on /proc/PID/mem or mpas or smaps to be readable by the same user. We started thinking of legitimate use of these files (lsof, gdb with plugins and valgrind). Are there any other legitimate users of these files, maybe X? I'm considering writing a patch, which will make sure that nobody, even the owner of the process, can't open these files and only root or users with CAP_DAC_OVERRIDE and/or CAP_SYS_ADMIN can see these files. For everyone that is not root and lacks DAC_OVERRIDE and SYS_ADMIN the files should not exists. What do you think about this? Best regards, Marian
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.