[PATCH] Make /proc/slabinfo 0400

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Allowing unprivileged users to read /proc/slabinfo represents a security
risk, since revealing details of slab allocations can expose information
that is useful when exploiting kernel heap corruption issues.  This is
evidenced by observing that nearly all recent public exploits for heap
issues rely on feedback from /proc/slabinfo to manipulate heap layout
into an exploitable state.

Changing the permissions on this file to 0400 by default will make heap
corruption issues more difficult to exploit.  Ordinary usage should not
require unprivileged users to debug the running kernel; if this ability
is required, an admin can always chmod the file appropriately.


Signed-off-by: Dan Rosenberg <drosenberg@xxxxxxxxxxxxx>
---
 mm/slab.c |    3 ++-
 mm/slub.c |    2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/mm/slab.c b/mm/slab.c
index 37961d1..7f719f6 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -4535,7 +4535,8 @@ static const struct file_operations proc_slabstats_operations = {
 
 static int __init slab_proc_init(void)
 {
-	proc_create("slabinfo",S_IWUSR|S_IRUGO,NULL,&proc_slabinfo_operations);
+	proc_create("slabinfo", S_IWUSR|S_IRUSR, NULL,
+		    &proc_slabinfo_operations);
 #ifdef CONFIG_DEBUG_SLAB_LEAK
 	proc_create("slab_allocators", 0, NULL, &proc_slabstats_operations);
 #endif
diff --git a/mm/slub.c b/mm/slub.c
index e15aa7f..5f57834 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -4691,7 +4691,7 @@ static const struct file_operations proc_slabinfo_operations = {
 
 static int __init slab_proc_init(void)
 {
-	proc_create("slabinfo", S_IRUGO, NULL, &proc_slabinfo_operations);
+	proc_create("slabinfo", S_IRUSR, NULL, &proc_slabinfo_operations);
 	return 0;
 }
 module_init(slab_proc_init);


--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxxx  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>


[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]