authorKees Cook <kees@outflux.net>2007-05-08 03:26:04 -0400
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-05-08 14:15:02 -0400
commit5096add84b9e96e2e0a9c72675c442fe5433388a (patch)
treef0444013cb7db32596d2b6febafc1ee4c2a4ea1f /kernel
parent4a1ccb5b1eff949a90ab830869cb23d6609c3d5f (diff)
proc: maps protection
The /proc/pid/ "maps", "smaps", and "numa_maps" files contain sensitive information about the memory location and usage of processes. Issues: - maps should not be world-readable, especially if programs expect any kind of ASLR protection from local attackers. - maps cannot just be 0400 because "-D_FORTIFY_SOURCE=2 -O2" makes glibc check the maps when %n is in a *printf call, and a setuid(getuid()) process wouldn't be able to read its own maps file. (For reference see http://lkml.org/lkml/2006/1/22/150) - a system-wide toggle is needed to allow prior behavior in the case of non-root applications that depend on access to the maps contents. This change implements a check using "ptrace_may_attach" before allowing access to read the maps contents. To control this protection, the new knob /proc/sys/kernel/maps_protect has been added, with corresponding updates to the procfs documentation. [akpm@linux-foundation.org: build fixes] [akpm@linux-foundation.org: New sysctl numbers are old hat] Signed-off-by: Kees Cook <kees@outflux.net> Cc: Arjan van de Ven <arjan@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/sysctl.c11
1 files changed, 11 insertions, 0 deletions
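--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -76,6 +76,7 @@ extern int pid_max_min, pid_max_max;
 extern int sysctl_drop_caches;
 extern int percpu_pagelist_fraction;
 extern int compat_log;
+extern int maps_protect;
 
 /* this is needed for the proc_dointvec_minmax for [fs_]overflow UID and GID */
 static int maxolduid = 65535;
@@ -603,6 +604,16 @@ static ctl_table kern_table[] = {
  .proc_handler = &proc_dointvec,
  },
 #endif
+#ifdef CONFIG_PROC_FS
+ {
+ .ctl_name = CTL_UNNUMBERED,
+ .procname = "maps_protect",
+ .data = &maps_protect,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec,
+ },
+#endif
 
  { .ctl_name = 0 }
 };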
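Review bot: The new `maps_protect` entry in `kern_table` uses the unbounded `proc_dointvec`, so a privileged writer can store any integer in what the commit message describes as an on/off toggle; how values other than 0 and 1 are treated depends on the code that reads `maps_protect`, which is outside this diff (limited to kernel/). Consider `.proc_handler = &proc_dointvec_minmax,` with `.extra1`/`.extra2` pointing at bounds of 0 and 1, so that each accepted value has one defined meaning. A one-line comment above the entry would also help, for example `/* nonzero: reading /proc/<pid>/{maps,smaps,numa_maps} requires ptrace_may_attach() */` if that matches the check, and it should state the default (set where the variable is defined, not shown here), because the default decides whether the ASLR protection is opt-in. `kern_table` begins before this hunk, so the surrounding entries were not reviewed.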