Allowing unprivileged users to read /proc/slabinfo represents a security risk, since revealing details of slab allocations can expose information that is useful when exploiting kernel heap corruption issues. This is evidenced by observing that nearly all recent public exploits for heap issues rely on feedback from /proc/slabinfo to manipulate heap layout into an exploitable state. Changing the permissions on this file to 0400 by default will make heap corruption issues more difficult to exploit. Ordinary usage should not require unprivileged users to debug the running kernel; if this ability is required, an admin can always chmod the file appropriately. Signed-off-by: Dan Rosenberg <drosenberg@xxxxxxxxxxxxx> --- mm/slab.c | 3 ++- mm/slub.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/mm/slab.c b/mm/slab.c index 37961d1..7f719f6 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -4535,7 +4535,8 @@ static const struct file_operations proc_slabstats_operations = { static int __init slab_proc_init(void) { - proc_create("slabinfo",S_IWUSR|S_IRUGO,NULL,&proc_slabinfo_operations); + proc_create("slabinfo", S_IWUSR|S_IRUSR, NULL, + &proc_slabinfo_operations); #ifdef CONFIG_DEBUG_SLAB_LEAK proc_create("slab_allocators", 0, NULL, &proc_slabstats_operations); #endif diff --git a/mm/slub.c b/mm/slub.c index e15aa7f..5f57834 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -4691,7 +4691,7 @@ static const struct file_operations proc_slabinfo_operations = { static int __init slab_proc_init(void) { - proc_create("slabinfo", S_IRUGO, NULL, &proc_slabinfo_operations); + proc_create("slabinfo", S_IRUSR, NULL, &proc_slabinfo_operations); return 0; } module_init(slab_proc_init); -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxxx For more info on Linux MM, see: http://www.linux-mm.org/ . Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/ Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>