Re: [PATCH] getrusage sucks

[David Wagner]

Chris Wright  wrote:
>/proc/[pid]/stat. (fs/proc/array.c::do_task_stat).
>
>> Is there any argument
>> that disclosing it to everyone is safe?  Or is it just that no one has
>> ever given the security considerations much thought up till now?
>
>I guess it keeps falling in the "too theoretical" category.  It can be
>protected by policy, but default is open.

Ahh, I see.  I had never looked at /proc/[pid]/stat carefully before.

Well, making /proc/[pid]/stat world-readable by default looks pretty
dubious to me.  There's all sorts of stuff there that I suspect should
not be revealed: EIP, stack pointer, stats on paging and swapping, and
so on.  I suspect that this is not at all safe.  Most crypto algorithms
tend to fall apart when you have side channels like this.

Maybe no one cares, because no one uses Linux in a multi-user setting
where users are motivated to attack each other or attack the system.
But baking this kind of "privilege escalation" vulnerability into the
kernel by default doesn't seem like a good idea to me.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/