Re: [PATCH 4/6] proc: disable mem_write after exec
From: KOSAKI Motohiro
Date: Wed Mar 09 2011 - 00:22:17 EST
> This change makes mem_write() observe the same constraints as mem_read(). This
> is particularly important for mem_write as an accidental leak of the fd across
> an exec could result in arbitrary modification of the target process' memory.
> IOW, /proc/pid/mem is implicitly close-on-exec.
>
> Signed-off-by: Stephen Wilson <wilsons@xxxxxxxx>
> ---
> fs/proc/base.c | 4 ++++
> 1 files changed, 4 insertions(+), 0 deletions(-)
>
> diff --git a/fs/proc/base.c b/fs/proc/base.c
> index 9d096e8..e52702d 100644
> --- a/fs/proc/base.c
> +++ b/fs/proc/base.c
> @@ -848,6 +848,10 @@ static ssize_t mem_write(struct file * file, const char __user *buf,
> if (check_mem_permission(task))
> goto out;
>
> + copied = -EIO;
> + if (file->private_data != (void *)((long)current->self_exec_id))
> + goto out;
> +
I agree.
Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@xxxxxxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/