On Thu, Nov 17, 2016 at 2:50 PM, Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote:
>
> It is the reasonable expectation that if an executable file is not
> readable there will be no way for a user without special privileges to
> read the file. This is enforced in ptrace_attach but if ptrace
> is already attached before exec there is no enforcement for read-only
> executables.

Given the corner cases being fixed here, it might make sense to add
some simple tests to tools/testing/selftests/ptrace/ to validate these
changes and avoid future regressions.

Regardless, it'll be nice to have this fixed. :)

-Kees

--
Kees Cook
Nexus Security