Re: Naughties (maybe security?) with /proc

Aaron M. Ucko (amu@mit.edu)
17 Jan 1998 00:52:33 -0500


Chris Evans <chris@ferret.lmh.ox.ac.uk> writes:

> BTW: no one told me why Linux escaped the *BSD hole whereby you can mess
> with /proc/pid/mem, then exec a suid program, and mess with its memory.
> Anyone?

At least in 2.0.33, mem_read() and mem_write() call get_task(), which
contains the fragment

	/*
	 * allow accesses only under the same circumstances
	 * that we would allow ptrace to work
	 */
	if (tsk) {
		if (!(tsk->flags & PF_PTRACED)
		    || tsk->state != TASK_STOPPED
		    || tsk->p_pptr != current)
			tsk = NULL;
	}

-- 
Aaron M. Ucko <amu@mit.edu> (finger amu@monk.mit.edu) [Stark raving sane]
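The check quoted above, rebuilt as a small userspace model so the three conditions and the fact that they are re-evaluated on every read()/write() can be exercised. This is an added example, not the kernel's code and not the poster's: the struct layout, the constant values, the scenario functions and the state changes they apply are assumptions made for illustration; only the predicate itself mirrors the 2.0.33 fragment.

```c
/* Userspace model of the /proc/<pid>/mem access check in Linux 2.0.33.
 * The predicate in get_task_checked() is the one from get_task(); everything
 * else (struct fields, constant values, scenarios) is assumed for the model. */
#include <stdbool.h>
#include <stddef.h>

#define PF_PTRACED   0x00000010   /* model value, not the kernel's */
#define TASK_RUNNING 0
#define TASK_STOPPED 3            /* model value, not the kernel's */

struct task_struct {
    int pid;
    unsigned long flags;          /* PF_PTRACED set while being traced */
    int state;                    /* TASK_STOPPED while halted by the tracer */
    struct task_struct *p_pptr;   /* parent; under ptrace, the tracer */
};

/* Mirrors the quoted fragment: the target is usable only if it is traced,
 * stopped, and its parent is the calling task. Returns NULL otherwise. */
static struct task_struct *get_task_checked(struct task_struct *tsk,
                                            struct task_struct *current)
{
    if (tsk) {
        if (!(tsk->flags & PF_PTRACED)
            || tsk->state != TASK_STOPPED
            || tsk->p_pptr != current)
            tsk = NULL;
    }
    return tsk;
}

/* Model of mem_write()/mem_read(): the check runs on each access, not once
 * when the file is opened, so an fd obtained earlier grants nothing by itself. */
static bool mem_access_allowed(struct task_struct *target,
                               struct task_struct *current)
{
    return get_task_checked(target, current) != NULL;
}

/* A tracer accessing its own stopped, ptraced child: allowed. */
bool scenario_tracer_accesses_stopped_child(void)
{
    struct task_struct tracer = { 100, 0, TASK_RUNNING, NULL };
    struct task_struct child  = { 101, PF_PTRACED, TASK_STOPPED, &tracer };
    return mem_access_allowed(&child, &tracer);
}

/* A process accessing its own memory through /proc: it is neither traced
 * nor stopped, and its parent is not itself, so the check fails. */
bool scenario_self_access_denied(void)
{
    struct task_struct parent = { 1, 0, TASK_RUNNING, NULL };
    struct task_struct self   = { 300, 0, TASK_RUNNING, &parent };
    return !mem_access_allowed(&self, &self);
}

/* Traced and stopped, but by a different tracer: denied for the outsider. */
bool scenario_other_tracers_child_denied(void)
{
    struct task_struct tracer   = { 400, 0, TASK_RUNNING, NULL };
    struct task_struct outsider = { 401, 0, TASK_RUNNING, NULL };
    struct task_struct child    = { 402, PF_PTRACED, TASK_STOPPED, &tracer };
    return !mem_access_allowed(&child, &outsider);
}

/* Traced by the caller but currently running (not stopped): denied. */
bool scenario_running_child_denied(void)
{
    struct task_struct tracer = { 500, 0, TASK_RUNNING, NULL };
    struct task_struct child  = { 501, PF_PTRACED, TASK_RUNNING, &tracer };
    return !mem_access_allowed(&child, &tracer);
}

/* Per-access checking: the first access passes while the child is a stopped
 * ptrace child; after the child is released and resumed (model state change,
 * standing in for whatever later changes the task's status), the very next
 * access through the same open fd is refused. */
bool scenario_state_change_revokes_access(void)
{
    struct task_struct tracer = { 600, 0, TASK_RUNNING, NULL };
    struct task_struct child  = { 601, PF_PTRACED, TASK_STOPPED, &tracer };
    bool before = mem_access_allowed(&child, &tracer);
    child.flags &= ~PF_PTRACED;   /* assumed: tracing relationship ends */
    child.state = TASK_RUNNING;   /* assumed: task resumes */
    bool after = mem_access_allowed(&child, &tracer);
    return before && !after;
}
```

Because the predicate runs inside mem_read()/mem_write() rather than at open time, holding an fd on /proc/<pid>/mem is worthless unless the target is, at the moment of the access, a stopped ptrace child of the caller; that is the property the model's last scenario isolates.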