Re: [patch 142/192] procfs: allow reading fdinfo with PTRACE_MODE_READ

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> writes:

> On Fri, Jul 2, 2021 at 4:31 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>>
>> Right -- the info leak would be snooping on what a privileged process
>> was doing with a given fd? Similar stuff has been used to do typing
>> pattern analysis with login passwords, but that's a stretch here, I
>> think. Hmm.
>
> So I think you'd see the directory list, but generally that's just the
> file descriptor numbers.
>
> Which is information you shouldn't have access to, but it's probably
> not very *interesting* information.
>
> I think it would be worth fixing but possibly not a very high
> priority.

It is not just the directory whose permission changed but the individual
files in that directory.

You can also see the position, flags, mnt_id, and soon inode number
of fdinfo files you open before a suid exec.

Knowing what file someone is reading on a particular file descriptor
number and how far they are in reading that file sounds like a side
channel someone can do something with.

Eric



[Index of Archives]     [Kernel Archive]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]

  Powered by Linux