Date: Mon, 16 Jan 2017 14:23:02 +0100 From: Djalal Harouni <tixxdz@...il.com> To: linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com Cc: Andrew Morton <akpm@...ux-foundation.org>, Kees Cook <keescook@...omium.org>, Lafcadio Wluiki <wluikil@...il.com>, Djalal Harouni <tixxdz@...il.com> Subject: [PATCH v4 0/2] procfs/tasks: introduce per-task procfs hidepid= field From: Djalal Harouni <tixxdz@...il.com> Hi, I'm sending this series again based on Lafcadio's previous patches. I have also fixed some issues and tested the code. This adds a new per-task hidepid= flag that is honored by procfs when presenting /proc to the user, in addition to the existing hidepid= mount option. One suggested change to add 'ns_capable(CAP_SYS_ADMIN)||no_new_privs' test before setting the hidepid was not included in this series, however I can add it. This change was not incorporated since it may be good for some setuid or even file capabilities programs to not access /proc, yes this may influence setuid programs but I am not sure if this is really a problem in this case. As stated I can add it if requested. Thanks! v4 changes: Patch 0001 procfs: use an enum for possible hidepid values * Was already acked and proposed to be added to -mm branch. Patch 0002 procfs/tasks: add a simple per-task procfs hidepid= field * Document HidePid in Documentation/filesystem/proc.txt * Switch to max() as suggested by Kees Cook. * Fix compiler warnings * Check all prctl() arguments and fail if unused ones are set. * Make PR_GET_HIDEPID return the task hidpid value as a result of prctl() syscall.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.