[PATCH v2 1/1] mm/madvise: replace ptrace attach requirement for process_madvise

Suren Baghdasaryan surenb at google.com
Wed Jan 20 16:49:07 UTC 2021


On Tue, Jan 19, 2021 at 9:02 PM James Morris <jmorris at namei.org> wrote:
>
> On Mon, 11 Jan 2021, Suren Baghdasaryan wrote:
>
> > Replace PTRACE_MODE_ATTACH with a combination of PTRACE_MODE_READ
> > and CAP_SYS_NICE. PTRACE_MODE_READ to prevent leaking ASLR metadata
> > and CAP_SYS_NICE for influencing process performance.
>
>
> Almost missed these -- please cc the LSM mailing list when modifying
> capabilities or other LSM-related things.

Thanks for the note. Will definitely include it when sending the next version.

>
> --
> James Morris
> <jmorris at namei.org>
>
> --
> To unsubscribe from this group and stop receiving emails from it, send an email to kernel-team+unsubscribe at android.com.
>



More information about the Linux-security-module-archive mailing list