Date: Wed, 2 Nov 2016 22:30:08 -0400
From: Dave Tian <dave.jing.tian@...il.com>
To: kernel-hardening@...ts.openwall.com
Cc: Adam Sampson <ats@...og.org>
Subject: Re: Legitimate use of /proc/PID/mem,maps and smaps

On Nov 2, 2016, at 8:54 PM, Marian Marinov <mm-l@...u.biz> wrote:
>
> On 11/02/2016 06:10 PM, Adam Sampson wrote:
>> Marian Marinov <mm-l@...u.biz> writes:
>>
>>> Are there any other legitimate users of these files, maybe X?
>> This is the kind of question that Debian Code Search is useful for
>> (although it's not exhaustive):
>> https://codesearch.debian.net/search?q=%2Fproc%2Fself%2Fmem&perpkg=1
>> https://codesearch.debian.net/search?q=%2Fproc%2Fself%2Fmaps&perpkg=1
>> https://codesearch.debian.net/search?q=%2Fproc%2Fself%2Fsmaps&perpkg=1
>>
>> From my bug-hunting experience, programs use /proc/self/maps for all
>> sorts of weird things -- e.g. working out the full path of the
>> executable, or what version of a shared library they've been linked
>> against, or guessing whether some random value is a valid pointer. Many
>> have embedded copies of code from gettext or BinReloc that uses it.
>>
>> On the other hand, many of these don't actually need all the information
>> in /proc/self/maps, so you could get away with a simplified version that
>> only had valid filenames.
>>
> Hmm, I probably did not explain what I want. I know I cannot (easily) limit a program from accessing its own memory (that would be stupid).
>
> Pretend that user joe is running top and his top has a pid of 1154. Now joe runs a php script and that script wants to open /proc/1154/maps and so on.
>
> I believe that the kernel should not allow the php process (even though it is from the same user) to read those files, which are private to the top application. Actually I would like to make them invisible for all processes and users except the program that is the actual owner of the files and privileged users.
>
> Does that seem logical to you guys?
>
> Marian

Sounds reasonable.
However, this still does not solve the Dirty COW case, where a thread is able to access its own mem to access whatever is shared by the main thread.

-daveti
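As an added example (not code from this thread or from any of the projects Adam names), here is a small parser for the /proc/PID/maps format, run over a constructed excerpt, that implements the three uses Adam lists: finding the executable's own path, checking whether a value points into a mapped region, and producing the reduced filenames-only view he suggests would satisfy most of those programs.

```python
import re
from collections import namedtuple

# Constructed /proc/self/maps excerpt for a process named "top" (not a real capture).
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:01 1310721 /usr/bin/top
00651000-00652000 r--p 00051000 08:01 1310721 /usr/bin/top
00652000-00653000 rw-p 00052000 08:01 1310721 /usr/bin/top
01d3b000-01d5c000 rw-p 00000000 00:00 0       [heap]
7f2a3c000000-7f2a3c1c0000 r-xp 00000000 08:01 2886 /lib/x86_64-linux-gnu/libc-2.24.so
7f2a3c1c0000-7f2a3c3c0000 ---p 001c0000 08:01 2886 /lib/x86_64-linux-gnu/libc-2.24.so
7ffd1e3c0000-7ffd1e3e1000 rw-p 00000000 00:00 0   [stack]
"""

Mapping = namedtuple("Mapping", "start end perms path")  # path is "" for anonymous maps
_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\S+\s*(.*)$")

def parse_maps(text):
    """Parse the text of a /proc/PID/maps file (range perms offset dev inode path)."""
    out = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # skip anything that is not a maps line
        out.append(Mapping(int(m.group(1), 16), int(m.group(2), 16), m.group(3), m.group(4)))
    return out

def region_for(maps, addr):
    """Return the mapping containing addr, or None if addr is unmapped: the 'is this a
    valid pointer' heuristic. A hit with '---p' perms is mapped but not accessible."""
    for mp in maps:
        if mp.start <= addr < mp.end:
            return mp
    return None

def executable_path(maps):
    """First executable, file-backed mapping: how BinReloc-style code finds its own binary."""
    for mp in maps:
        if "x" in mp.perms and mp.path.startswith("/"):
            return mp.path
    return None

def filenames_only(maps):
    """The reduced view Adam suggests: distinct backing files, no addresses or layout."""
    seen = []
    for mp in maps:
        if mp.path.startswith("/") and mp.path not in seen:
            seen.append(mp.path)
    return seen
```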