Add the "proc_pid_mem" sysctl to control whether or not /proc/pid/mem is
allowed to work: 0: disabled, 1: read only, 2: read/write.
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
---
Documentation/sysctl/kernel.txt | 14 ++++++++++++++
fs/proc/base.c | 11 +++++++++++
kernel/sysctl.c | 14 ++++++++++++++
3 files changed, 39 insertions(+), 0 deletions(-)
diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
index 8c20fbd..6d52dba 100644
--- a/Documentation/sysctl/kernel.txt
+++ b/Documentation/sysctl/kernel.txt
@@ -56,6 +56,7 @@ show up in /proc/sys/kernel:
- printk_delay
- printk_ratelimit
- printk_ratelimit_burst
+- proc_pid_mem
- randomize_va_space
- real-root-dev ==> Documentation/initrd.txt
- reboot-cmd [ SPARC only ]
@@ -477,6 +478,19 @@ send before ratelimiting kicks in.
==============================================================
+proc_pid_mem:
+
+This option can be used to select the level of access given to potential
+ptracers when using the per-process "mem" file in /proc/pid/mem.
+
+0 - Disable entirely.
+
+1 - Allow potential ptracers read access to process memory, but not writes.
+
+2 - Allow potential ptracers read and write access to process memory.
+
+==============================================================
+
randomize_va_space:
This option can be used to select the type of process address
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 9cde9ed..35f4651 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -109,6 +109,8 @@ struct pid_entry {
union proc_op op;
};
+int sysctl_proc_pid_mem = 2;
+
#define NOD(NAME, MODE, IOP, FOP, OP) { \
.name = (NAME), \
.len = sizeof(NAME) - 1, \
@@ -702,6 +704,9 @@ static int mem_open(struct inode* inode, struct file* file)
struct task_struct *task = get_proc_task(file->f_path.dentry->d_inode);
struct mm_struct *mm;
+ if (sysctl_proc_pid_mem < 1)
+ return -EACCES;
+
if (!task)
return -ESRCH;
@@ -726,6 +731,9 @@ static ssize_t mem_read(struct file * file, char __user * buf,
unsigned long src = *ppos;
struct mm_struct *mm = file->private_data;
+ if (sysctl_proc_pid_mem < 1)
+ return -EACCES;
+
if (!mm)
return 0;
@@ -770,6 +778,9 @@ static ssize_t mem_write(struct file * file, const char __user *buf,
unsigned long dst = *ppos;
struct mm_struct *mm = file->private_data;
+ if (sysctl_proc_pid_mem < 2)
+ return -EACCES;
+
if (!mm)
return 0;
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index f487f25..dda911f 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -109,6 +109,9 @@ extern int sysctl_nr_trim_pages;
#ifdef CONFIG_BLOCK
extern int blk_iopoll_enabled;
#endif
+#ifdef CONFIG_PROC_FS
+extern int sysctl_proc_pid_mem;
+#endif
/* Constants used for minimum and maximum */
#ifdef CONFIG_LOCKUP_DETECTOR
@@ -1004,6 +1007,17 @@ static struct ctl_table kern_table[] = {
.proc_handler = proc_dointvec,
},
#endif
+#ifdef CONFIG_PROC_FS
+ {
+ .procname = "proc_pid_mem",
+ .data = &sysctl_proc_pid_mem,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = &zero,
+ .extra2 = &two,
+ },
+#endif
{ }
};
--
1.7.0.4
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
