[PATCH v2 1/1] mm/madvise: replace ptrace attach requirement for process_madvise

James Morris jmorris at namei.org
Wed Jan 20 05:01:13 UTC 2021


On Mon, 11 Jan 2021, Suren Baghdasaryan wrote:

> Replace PTRACE_MODE_ATTACH with a combination of PTRACE_MODE_READ
> and CAP_SYS_NICE. PTRACE_MODE_READ to prevent leaking ASLR metadata
> and CAP_SYS_NICE for influencing process performance.


Almost missed these -- please cc the LSM mailing list when modifying 
capabilities or other LSM-related things.

-- 
James Morris
<jmorris at namei.org>



More information about the Linux-security-module-archive mailing list