leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
35a35046e4
linux/fs/proc
History
Djalal Harouni 35a35046e4 procfs: make /proc/*/{stack,syscall,personality} 0400 
These procfs files contain sensitive information and currently their
mode is 0444.  Change this to 0400, so the VFS will be able to block
unprivileged processes from getting file descriptors on arbitrary
privileged /proc/*/{stack,syscall,personality} files.

This reduces the scope of ASLR leaking and bypasses by protecting already
running processes.

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Andy Lutomirski <luto@amacapital.net>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-04-07 16:36:04 -07:00
..
array.c fs/proc/array.c: change do_task_stat() to use while_each_thread() 2014-01-23 16:37:02 -08:00
base.c procfs: make /proc/*/{stack,syscall,personality} 0400 2014-04-07 16:36:04 -07:00
cmdline.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
consoles.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
cpuinfo.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
devices.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
fd.c proc: show mnt_id in /proc/pid/fdinfo 2014-04-07 16:36:04 -07:00
fd.h proc: Move proc_fd() to fs/proc/fd.h 2013-05-01 17:29:39 -04:00
generic.c proc: set attributes of pde using accessor functions 2014-01-23 16:37:01 -08:00
inode.c fs/proc/inode.c: use RCU_INIT_POINTER(x, NULL) 2014-04-07 16:36:04 -07:00
internal.h of: remove /proc/device-tree 2014-03-11 20:48:32 +00:00
interrupts.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
Kconfig kcore: add Kconfig help text 2013-11-13 12:09:33 +09:00
kcore.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
kmsg.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
loadavg.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
Makefile of: remove /proc/device-tree 2014-03-11 20:48:32 +00:00
meminfo.c fs/proc/meminfo: meminfo_proc_show(): fix typo in comment 2014-04-07 16:36:04 -07:00
namespaces.c consolidate simple ->d_delete() instances 2013-11-15 22:04:17 -05:00
nommu.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
page.c mm: close PageTail race 2014-03-04 07:55:47 -08:00
proc_net.c [readdir] convert procfs 2013-06-29 12:56:32 +04:00
proc_sysctl.c Don't pass inode to ->d_hash() and ->d_compare() 2013-06-29 12:57:36 +04:00
proc_tty.c proc: use seq_puts()/seq_putc() where possible 2011-01-13 08:03:16 -08:00
root.c Major changes for 3.14 include support for the newly added ZERO_RANGE 2014-04-04 15:39:39 -07:00
self.c new helper: kfree_put_link() 2013-10-24 23:34:49 -04:00
softirqs.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
stat.c cputime: Default implementation of nsecs -> cputime conversion 2014-03-13 15:56:43 +01:00
task_mmu.c mm: per-thread vma caching 2014-04-07 16:35:53 -07:00
task_nommu.c seq_file: remove "%n" usage from seq_file users 2013-11-15 09:32:20 +09:00
uptime.c cputime: Default implementation of nsecs -> cputime conversion 2014-03-13 15:56:43 +01:00
version.c fs/proc: don't use module_init for non-modular core code 2014-01-23 16:37:02 -08:00
vmcore.c vmcore: prevent PT_NOTE p_memsz overflow during header update 2014-02-10 16:01:40 -08:00