1
linux/kernel
Kees Cook 5096add84b proc: maps protection
The /proc/pid/ "maps", "smaps", and "numa_maps" files contain sensitive
information about the memory location and usage of processes.  Issues:

- maps should not be world-readable, especially if programs expect any
  kind of ASLR protection from local attackers.
- maps cannot just be 0400 because "-D_FORTIFY_SOURCE=2 -O2" makes glibc
  check the maps when %n is in a *printf call, and a setuid(getuid())
  process wouldn't be able to read its own maps file.  (For reference
  see http://lkml.org/lkml/2006/1/22/150)
- a system-wide toggle is needed to allow prior behavior in the case of
  non-root applications that depend on access to the maps contents.

This change implements a check using "ptrace_may_attach" before allowing
access to read the maps contents.  To control this protection, the new knob
/proc/sys/kernel/maps_protect has been added, with corresponding updates to
the procfs documentation.

[akpm@linux-foundation.org: build fixes]
[akpm@linux-foundation.org: New sysctl numbers are old hat]
Signed-off-by: Kees Cook <kees@outflux.net>
Cc: Arjan van de Ven <arjan@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-08 11:15:02 -07:00
..
irq MSI: arch must connect the irq and the msi_desc 2007-05-02 19:02:38 -07:00
power freezer: task->exit_state should be treated as bolean 2007-05-08 11:14:58 -07:00
time [PATCH] fix jiffies clocksource inittime 2007-04-04 21:12:47 -07:00
.gitignore
acct.c
audit.c [NETLINK]: Switch cb_lock spinlock to mutex and allow to override it 2007-04-25 22:29:03 -07:00
audit.h
auditfilter.c [PATCH] minor update to rule add/delete messages (ver 2) 2007-02-17 21:30:09 -05:00
auditsc.c [PATCH] fix deadlock in audit_log_task_context() 2007-03-14 15:27:48 -07:00
capability.c [PATCH] pid: replace do/while_each_task_pid with do/while_each_pid_task 2007-02-12 09:48:32 -08:00
compat.c
configs.c
cpu.c [PATCH] Fix microcode-related suspend problem 2007-04-02 10:06:09 -07:00
cpuset.c cpusets: allow TIF_MEMDIE threads to allocate anywhere 2007-05-07 12:12:53 -07:00
delayacct.c KMEM_CACHE(): simplify slab cache creation 2007-05-07 12:12:55 -07:00
dma.c
exec_domain.c
exit.c Return EPERM not ECHILD on security_task_wait failure 2007-05-07 12:12:57 -07:00
extable.c
fork.c Merge sys_clone()/sys_unshare() nsproxy and namespace handling 2007-05-08 11:15:00 -07:00
futex_compat.c
futex.c [PATCH] futex: PI state locking fix 2007-03-16 19:25:06 -07:00
hrtimer.c [NET]: Fix networking compilation errors 2007-04-27 15:31:24 -07:00
itimer.c [PATCH] hrtimers: prevent possible itimer DoS 2007-02-16 08:13:59 -08:00
kallsyms.c Extend print_symbol capability 2007-04-30 16:40:39 -07:00
Kconfig.hz
Kconfig.preempt
kexec.c
kfifo.c
kmod.c Revert "Driver core: let request_module() send a /sys/modules/kmod/-uevent" 2007-02-23 14:54:57 -08:00
kprobes.c [PATCH] kprobes: list all active probes in the system 2007-02-20 17:10:14 -08:00
ksysfs.c remove "struct subsystem" as it is no longer needed 2007-05-02 18:57:59 -07:00
kthread.c
latency.c
lockdep_internals.h
lockdep_proc.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
lockdep.c simplify the stacktrace code 2007-05-08 11:14:58 -07:00
Makefile [PATCH] sysctl: move utsname sysctls to their own file 2007-02-14 08:09:58 -08:00
module.c module: use krealloc 2007-05-08 11:15:00 -07:00
mutex-debug.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
mutex-debug.h
mutex.c
mutex.h
nsproxy.c Merge sys_clone()/sys_unshare() nsproxy and namespace handling 2007-05-08 11:15:00 -07:00
panic.c
params.c remove "struct subsystem" as it is no longer needed 2007-05-02 18:57:59 -07:00
pid.c Merge sys_clone()/sys_unshare() nsproxy and namespace handling 2007-05-08 11:15:00 -07:00
posix-cpu-timers.c [PATCH] posix timers: RCU optimization for clock_gettime() 2007-02-16 08:14:00 -08:00
posix-timers.c [PATCH] hrtimers: add high resolution timer support 2007-02-16 08:13:59 -08:00
printk.c kernel/printk.c: comment fix 2007-02-17 20:10:16 +01:00
profile.c
ptrace.c
rcupdate.c
rcutorture.c rcutorture: Mark rcu_torture_init as __init 2007-05-08 11:15:00 -07:00
relay.c [PATCH] kernel-doc fixes for 2.6.20-git15 (non-drivers) 2007-03-01 14:53:37 -08:00
resource.c libata/IDE: remove combined mode quirk 2007-04-28 14:15:59 -04:00
rtmutex_common.h
rtmutex-debug.c
rtmutex-debug.h
rtmutex-tester.c
rtmutex.c [PATCH] hrtimers: namespace and enum cleanup 2007-02-16 08:13:58 -08:00
rtmutex.h
rwsem.c
sched.c Safer nr_node_ids and nr_node_ids determination and initial values 2007-05-07 12:12:51 -07:00
seccomp.c
signal.c KMEM_CACHE(): simplify slab cache creation 2007-05-07 12:12:55 -07:00
softirq.c [PATCH] tick-management: dyntick / highres functionality 2007-02-16 08:13:59 -08:00
softlockup.c softlockup: s/99/MAX_RT_PRIO/ 2007-05-08 11:14:59 -07:00
spinlock.c
srcu.c
stacktrace.c
stop_machine.c Use stop_machine_run in the Intel RNG driver 2007-05-08 11:15:00 -07:00
sys_ni.c
sys.c remove software_suspend() 2007-05-07 12:12:59 -07:00
sysctl.c proc: maps protection 2007-05-08 11:15:02 -07:00
taskstats.c KMEM_CACHE(): simplify slab cache creation 2007-05-07 12:12:55 -07:00
time.c Optimize timespec_trunc() 2007-05-08 11:15:01 -07:00
timer.c [AF_RXRPC]: Make it possible to merely try to cancel timers from a module 2007-04-26 15:46:56 -07:00
tsacct.c [PATCH] time: x86_64: split x86_64/kernel/time.c up 2007-02-16 08:14:00 -08:00
uid16.c
user.c
utsname_sysctl.c [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
utsname.c Merge sys_clone()/sys_unshare() nsproxy and namespace handling 2007-05-08 11:15:00 -07:00
wait.c
workqueue.c [PATCH] Add debugging feature /proc/timer_stat 2007-02-16 08:13:59 -08:00