[PATCH v2 1/1] mm/madvise: replace ptrace attach requirement for process_madvise
James Morris
jmorris at namei.org
Wed Jan 20 05:01:13 UTC 2021
On Mon, 11 Jan 2021, Suren Baghdasaryan wrote:
> Replace PTRACE_MODE_ATTACH with a combination of PTRACE_MODE_READ
> and CAP_SYS_NICE. PTRACE_MODE_READ to prevent leaking ASLR metadata
> and CAP_SYS_NICE for influencing process performance.
Almost missed these -- please cc the LSM mailing list when modifying
capabilities or other LSM-related things.
--
James Morris
<jmorris at namei.org>
More information about the Linux-security-module-archive
mailing list