linux/fs/proc
Djalal Harouni 32ed74a4b9 procfs: make /proc/*/pagemap 0400
The /proc/*/pagemap contains sensitive information and currently its mode
is 0444.  Change this to 0400, so the VFS will prevent unprivileged
processes from getting file descriptors on arbitrary privileged
/proc/*/pagemap files.

This reduces the scope of address space leaking and bypasses by protecting
already running processes.

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Andy Lutomirski <luto@amacapital.net>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-04-07 16:36:05 -07:00
array.c fs/proc/array.c: change do_task_stat() to use while_each_thread() 2014-01-23 16:37:02 -08:00
base.c procfs: make /proc/*/pagemap 0400 2014-04-07 16:36:05 -07:00
cmdline.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
consoles.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
cpuinfo.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
devices.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
fd.c proc: show mnt_id in /proc/pid/fdinfo 2014-04-07 16:36:04 -07:00
fd.h proc: Move proc_fd() to fs/proc/fd.h 2013-05-01 17:29:39 -04:00
generic.c proc: set attributes of pde using accessor functions 2014-01-23 16:37:01 -08:00
inode.c fs/proc/inode.c: use RCU_INIT_POINTER(x, NULL) 2014-04-07 16:36:04 -07:00
internal.h of: remove /proc/device-tree 2014-03-11 20:48:32 +00:00
interrupts.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
Kconfig kcore: add Kconfig help text 2013-11-13 12:09:33 +09:00
kcore.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
kmsg.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
loadavg.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
Makefile of: remove /proc/device-tree 2014-03-11 20:48:32 +00:00
meminfo.c fs/proc/meminfo: meminfo_proc_show(): fix typo in comment 2014-04-07 16:36:04 -07:00
namespaces.c consolidate simple ->d_delete() instances 2013-11-15 22:04:17 -05:00
nommu.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
page.c mm: close PageTail race 2014-03-04 07:55:47 -08:00
proc_net.c [readdir] convert procfs 2013-06-29 12:56:32 +04:00
proc_sysctl.c Don't pass inode to ->d_hash() and ->d_compare() 2013-06-29 12:57:36 +04:00
proc_tty.c proc: use seq_puts()/seq_putc() where possible 2011-01-13 08:03:16 -08:00
root.c Major changes for 3.14 include support for the newly added ZERO_RANGE 2014-04-04 15:39:39 -07:00
self.c new helper: kfree_put_link() 2013-10-24 23:34:49 -04:00
softirqs.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
stat.c cputime: Default implementation of nsecs -> cputime conversion 2014-03-13 15:56:43 +01:00
task_mmu.c mm: per-thread vma caching 2014-04-07 16:35:53 -07:00
task_nommu.c seq_file: remove "%n" usage from seq_file users 2013-11-15 09:32:20 +09:00
uptime.c cputime: Default implementation of nsecs -> cputime conversion 2014-03-13 15:56:43 +01:00
version.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
vmcore.c vmcore: prevent PT_NOTE p_memsz overflow during header update 2014-02-10 16:01:40 -08:00