On Mon, Jan 26, 2015 at 10:50:23PM -0800, Andrew Morton wrote: > On Tue, 27 Jan 2015 09:46:47 +0300 Cyrill Gorcunov <gorcunov@xxxxxxxxx> wrote: > > > > There's one other problem here: we're assuming that the map_files > > > implementation doesn't have bugs. If it does have bugs then relaxing > > > permissions like this will create new vulnerabilities. And the > > > map_files implementation is surprisingly complex. Is it bug-free? > > > > I didn't find any bugs in map-files (and we use it for long time already) > > so I think it is safe. > > You've been using map_files the way it was supposed to be used so no, > any bugs won't show up. What happens if you don your evil black hat > and use map_files in ways that weren't anticipated? Attack it? Hard to say, Andrew. If I found a way to exploit this feature for bad purpose for sure I would patch it out. At the moment I don't see any. Touching another process memory via file descriptor allows one to modify its contents but you have to be granted ptrace-may-access which i consider as enough for security. -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
