On Mon, Jan 26, 2015 at 02:47:31PM +0200, Kirill A. Shutemov wrote: > On Fri, Jan 23, 2015 at 07:15:44PM -0800, Calvin Owens wrote: > > Currently, /proc/<pid>/map_files/ is restricted to CAP_SYS_ADMIN, and > > is only exposed if CONFIG_CHECKPOINT_RESTORE is set. This interface > > is very useful for enumerating the files mapped into a process when > > the more verbose information in /proc/<pid>/maps is not needed. > > > > This patch moves the folder out from behind CHECKPOINT_RESTORE, and > > removes the CAP_SYS_ADMIN restrictions. Following the links requires > > the ability to ptrace the process in question, so this doesn't allow > > an attacker to do anything they couldn't already do before. > > > > Signed-off-by: Calvin Owens <calvinowens@xxxxxx> > > Cc +linux-api@ Looks good to me, thanks! Though I would really appreciate if someone from security camp take a look as well. -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
