On Thu, Nov 17, 2016 at 2:50 PM, Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote:
>
> It is the reasonable expectation that if an executable file is not
> readable there will be no way for a user without special privileges to
> read the file. This is enforced in ptrace_attach but if ptrace
> is already attached before exec there is no enforcement for read-only
> executables.

Given the corner cases being fixed here, it might make sense to add
some simple tests to tools/testing/selftests/ptrace/ to validate
these changes and avoid future regressions.

Regardless, it'll be nice to have this fixed. :)

-Kees

--
Kees Cook
Nexus Security