The patch titled
proc: document why writing to /proc/pid/mem is a security hazard
has been added to the -mm tree. Its filename is
proc-document-why-writing-to-proc-pid-mem-is-a-security-hazard.patch
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/SubmitChecklist when testing your code ***
See http://userweb.kernel.org/~akpm/stuff/added-to-mm.txt to find
out what to do about this
The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/
------------------------------------------------------
Subject: proc: document why writing to /proc/pid/mem is a security hazard
From: Stephen Wilson <wilsons@xxxxxxxx>
Signed-off-by: Stephen Wilson <wilsons@xxxxxxxx>
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
fs/proc/base.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff -puN fs/proc/base.c~proc-document-why-writing-to-proc-pid-mem-is-a-security-hazard fs/proc/base.c
--- a/fs/proc/base.c~proc-document-why-writing-to-proc-pid-mem-is-a-security-hazard
+++ a/fs/proc/base.c
@@ -832,7 +832,11 @@ out_no_task:
#define mem_write NULL
#ifndef mem_write
-/* This is a security hazard */
+/*
+ * As implemented, mem_write would be a security hazard if enabled. For
+ * example, the target task could exec a setuid-root binary between the
+ * permission check and the write into memory.
+ */
static ssize_t mem_write(struct file * file, const char __user *buf,
size_t count, loff_t *ppos)
{
_
Patches currently in -mm which might be from wilsons@xxxxxxxx are
proc-document-why-writing-to-proc-pid-mem-is-a-security-hazard.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
