Re: [PATCH] proc: do not allow negative offsets on/proc/<pid>/environ

From: Oleg Nesterov
Date: Sun Jul 22 2012 - 16:03:47 EST

On 07/22, Djalal Harouni wrote:
> __mem_open() which is called by both /proc/<pid>/environ and
> /proc/<pid>/mem ->open() handlers will allow the use of negative offsets.
> /proc/<pid>/mem has negative offsets but not /proc/<pid>/environ.

Probablt the patch makes sense, but I can't understand the changelog...

> Allowing negative offsets on /proc/<pid>/environ can turn it to act like
> /proc/<pid>/mem. A negative offset will pass the
> fs/read_write.c:lseek_execute() and the environ_read() checks and will
> point to another VMA.

which VMA?

environ_read() can only read the memory from [env_start, env_end], and
it should check *ppos anyway to ensure it doesn't read something else.

> static int mem_open(struct inode *inode, struct file *file)
> {
> - return __mem_open(inode, file, PTRACE_MODE_ATTACH);
> + int ret = __mem_open(inode, file, PTRACE_MODE_ATTACH);
> + if (!ret)
> + /* OK to pass negative loff_t, we can catch out-of-range */
> + file->f_mode |= FMODE_UNSIGNED_OFFSET;
> +
> + return ret;

I guess you can set FMODE_UNSIGNED_OFFSET unconditionally, it doesn't
matter if __mem_open() fails. But I won't insist.


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at