author Djalal Harouni <tixxdz@opendz.org> 2014-04-07 22:38:36 (GMT)
committer Linus Torvalds <torvalds@linux-foundation.org> 2014-04-07 23:36:04 (GMT)
commit 35a35046e4f9d8849e727b0e0f6edac0ece4ca6e
tree 40e3296460ebc388f4c1ce3f622c0858fae0a6e9 /fs/isofs
parent 1c44dbc82f75aabc5de95da92b304393a94751fc
procfs: make /proc/*/{stack,syscall,personality} 0400

These procfs files contain sensitive information and currently their mode is 0444. Change this to 0400, so the VFS will be able to block unprivileged processes from getting file descriptors on arbitrary privileged /proc/*/{stack,syscall,personality} files.

This reduces the scope of ASLR leaking and bypasses by protecting already running processes.

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Andy Lutomirski <luto@amacapital.net>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Diffstat (limited to 'fs/isofs')
0 files changed, 0 insertions, 0 deletions
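
A check for the mode change described in the commit message, as an added example that is not part of the commit or the kernel tree: it lists every per-process stack, syscall and personality entry whose mode still grants group or other bits. The function names and the PROC_ROOT variable are hypothetical, and the procfs root is a parameter so the check can also be pointed at a constructed directory tree.

```shell
#!/bin/sh
# Added example (not kernel code): audit /proc/<pid>/{stack,syscall,personality}
# for the owner-only 0400 mode the commit message describes.

# Print "<path> <octal mode>" for each entry under <proc_root>/<pid>/ whose
# mode grants any permission bit to group or other.
list_exposed_proc_entries() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        # An unmatched glob stays literal; skip it and anything not a directory.
        [ -d "$dir" ] || continue
        for name in stack syscall personality; do
            entry=$dir/$name
            # The entry can be missing: the process exited mid-scan, or the
            # running kernel does not provide this file.
            mode=$(stat -c '%a' "$entry" 2>/dev/null) || continue
            # stat prints octal without leading zeros; the last two digits
            # are the group and other permission bits.
            case $mode in
                0|*00) ;;                               # owner-only, e.g. 400
                *)     printf '%s %s\n' "$entry" "$mode" ;;
            esac
        done
    done
}

# Number of exposed entries under the given root (0 means all are owner-only).
count_exposed_proc_entries() {
    list_exposed_proc_entries "$1" | wc -l | tr -d ' '
}

# Scan the live procfs unless PROC_ROOT (hypothetical variable) overrides it.
list_exposed_proc_entries "${PROC_ROOT:-/proc}"
```

An empty listing means every visible process already has the owner-only mode on these three files.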