I am in the process of developing patch to restrict process ability to write to other process read-only patch.
I have sent this patch to kernel-hardening list and waiting for a comments (this is my first patch to kernel)
https://www.openwall.com/lists/kernel-hardening/2019/08/24/1
Meanwhie I started to explore idea of restricting process from writes to write enabled pages of another process vma.
To my surprise ( I am not such esperienced) many processes , systemd-journal, Xorg, dbus-server, konsole were caught by highlkighted if below, but system continues to WORK NORMALLY !
Can somedody to comment please ?
Here is the code snippet of function arch_vma_access_permitted()
static inline bool arch_vma_access_permitted(struct vm_area_struct *vma,
bool write, bool execute, bool foreign)
{
/* Forbid write to PROT_READ pages of foreign process */
if (write && foreign && (!(vma->vm_flags & VM_WRITE)))
return false;
/* Forbid write to write-enabled of foreign process */
if (current->mm && current->mm != vma->vm_mm){
if (current->in_execve) {
return true;
}
pr_err("FOREIGN WRITE? current->mm != vma->vm_mm pid %d \n", current->pid);
return false;
}
_______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
