On Thu, Nov 17, 2016 at 2:50 PM, Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote:
>
> It is the reasonable expectation that if an executable file is not
> readable there will be no way for a user without special privileges to
> read the file. This is enforced in ptrace_attach but if ptrace
> is already attached before exec there is no enforcement for read-only
> executables.

Given the corner cases being fixed here, it might make sense to add some simple tests to tools/testing/selftests/ptrace/ to validate these changes and avoid future regressions.

Regardless, it'll be nice to have this fixed. :)

-Kees

--
Kees Cook
Nexus Security

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
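The regression check Kees asks for, written here as an added userspace example that is not part of the thread and not code from the kernel's selftests. It copies an executable the user can read, removes the read bit so only execute permission remains, execs the copy under a tracer that attached before exec via PTRACE_TRACEME (the exact corner case in the quoted text), and then asks whether the tracer can still read the tracee's memory with PTRACE_PEEKDATA. On a kernel that enforces the expectation above, the read is refused. Assumptions: /bin/true exists as an ELF the user may execute, the copy goes in /tmp, and the stack-pointer lookup covers only x86_64 and aarch64; in environments where the check cannot be meaningful (running as root, which can read the file anyway; ptrace disabled; noexec /tmp) the function reports SKIP rather than guessing.

```c
/* Added example, not kernel selftest code: does a tracer attached BEFORE
 * exec get to read the memory of a binary it has no read permission on? */
#define _GNU_SOURCE
#include <elf.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/stat.h>
#include <sys/uio.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

enum nonread_exec_result {
    NONREAD_SKIP = 0,   /* environment cannot run the check (root, no ptrace, ...) */
    NONREAD_PROTECTED,  /* tracer's memory read was refused: the expected behaviour */
    NONREAD_LEAKED      /* tracer read memory of a binary it may not read */
};

/* Assumption: any ELF the current user can both read and execute. */
#define SOURCE_BINARY "/bin/true"

/* Copy src into a fresh temp file and make it execute-only (mode 0111). */
static int make_execute_only_copy(const char *src, char *path_out, size_t path_len)
{
    char buf[65536];
    ssize_t n;
    int in = open(src, O_RDONLY);
    if (in < 0)
        return -1;
    snprintf(path_out, path_len, "/tmp/nonread-exec-XXXXXX");
    int out = mkstemp(path_out);
    if (out < 0) { close(in); return -1; }
    while ((n = read(in, buf, sizeof buf)) > 0)
        if (write(out, buf, (size_t)n) != n) { n = -1; break; }
    close(in);
    close(out);
    if (n < 0 || chmod(path_out, 0111) != 0) { unlink(path_out); return -1; }
    return 0;
}

/* Stack pointer of a stopped tracee; registers are not subject to the
 * memory-access check, so this works regardless of the outcome under test. */
static int tracee_stack_pointer(pid_t pid, unsigned long *sp)
{
    struct user_regs_struct regs;
    struct iovec iov = { .iov_base = &regs, .iov_len = sizeof regs };
    if (ptrace(PTRACE_GETREGSET, pid, (void *)(long)NT_PRSTATUS, &iov) != 0)
        return -1;
#if defined(__x86_64__)
    *sp = regs.rsp;
#elif defined(__aarch64__)
    *sp = regs.sp;
#else
    (void)sp;
    return -1;  /* other architectures are not handled by this example */
#endif
    return 0;
}

enum nonread_exec_result check_nonreadable_exec_protection(void)
{
    char path[64];
    if (make_execute_only_copy(SOURCE_BINARY, path, sizeof path) != 0)
        return NONREAD_SKIP;

    /* If the file is still readable to us (e.g. root with CAP_DAC_READ_SEARCH),
     * reading the tracee's memory would not be a leak, so there is nothing to test. */
    int fd = open(path, O_RDONLY);
    if (fd >= 0) { close(fd); unlink(path); return NONREAD_SKIP; }

    pid_t pid = fork();
    if (pid < 0) { unlink(path); return NONREAD_SKIP; }
    if (pid == 0) {
        /* Child: get traced by the parent first, then exec the execute-only copy. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) != 0)
            _exit(3);
        char *const argv[] = { path, NULL };
        execv(path, argv);
        _exit(4);
    }

    enum nonread_exec_result result = NONREAD_SKIP;
    int status;
    /* A traced child stops with SIGTRAP right after a successful execve;
     * an exit status instead means exec or PTRACE_TRACEME failed (skip). */
    if (waitpid(pid, &status, 0) == pid && WIFSTOPPED(status)) {
        unsigned long sp;
        if (tracee_stack_pointer(pid, &sp) == 0) {
            errno = 0;  /* PEEKDATA returns the word itself, so errno decides */
            long word = ptrace(PTRACE_PEEKDATA, pid, (void *)sp, NULL);
            result = (word == -1 && errno != 0) ? NONREAD_PROTECTED : NONREAD_LEAKED;
        }
        kill(pid, SIGKILL);
        waitpid(pid, &status, 0);
    }
    unlink(path);
    return result;
}

int main(void)
{
    static const char *names[] = { "SKIP", "PROTECTED", "LEAKED" };
    enum nonread_exec_result r = check_nonreadable_exec_protection();
    printf("non-readable exec under pre-attached tracer: %s\n", names[r]);
    return r == NONREAD_LEAKED ? 1 : 0;
}
```

Run it as an unprivileged user: PROTECTED means the kernel refused the tracer's read (on current kernels the PEEKDATA fails with EIO), LEAKED is the behaviour the quoted patch set closes. The SKIP paths matter for a test that is meant to live in a selftest tree: as root the file is readable anyway, with ptrace locked down by Yama scope 3 the child cannot request tracing, and on a noexec /tmp the exec itself fails, none of which says anything about the property being checked.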