Re: question about /proc/<PID>/mem in 2.4

[Marcelo Tosatti]

On Tue, Jul 06, 2004 at 12:14:04PM +0100, Tigran Aivazian wrote:
> On Mon, 5 Jul 2004, FabF wrote:
> > > Surely, the super user (i.e. CAP_SYS_PTRACE in this context) should be 
> > > allowed to read any process' memory without having to do the 
> > > PTRACE_ATTACH/PTRACE_PEEKUSER kind of thing which strace(8) is doing?
> > 
> > FYI may_ptrace_attach plugged somewhere between 2.4.21 & 22.This one get
> > used as is (ie without MAY_PTRACE) in proc_pid_environ but dunno about
> > reason why CAP_SYS_PTRACE isn't authoritative elsewhere.
> 
> Ok, but still nobody seems to know why the super user is not allowed to
> access /proc/<PID>/mem of any task. Any code which nobody in the world
> knows the reason for, is broken and should be removed.
> 
> I will wait a few weeks to see if someone does come up with the reason for
> that "extra secure" check in mem_read() and if nobody has objections I'll
> send Linus a patch to relax the check to a more reasonable one, namely to
> allow CAP_SYS_PTRACE process to bypass any other conditions imposed.

Hi Tigran, 

This code was added to stop the ptrace/kmod vulnerabilities. I do not 
fully understand the issues around tsk->is_dumpable and the fix itself,
but I agree on that the checks here could be relaxed for the super user.

However changing it to 

        if (!is_dumpable(task) && !capable(CAP_SYS_PTRACE))
                goto out;

Seems wrong because this will stop always honoring the tsk->is_dumpable flag. (?)

Alan for sure can make the picture clear - he wrote this thing.
                                                                                                                                                                                   

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/