[PATCH v2 1/1] mm/madvise: replace ptrace attach requirement for process_madvise
surenb at google.com
Wed Jan 20 16:49:07 UTC 2021
On Tue, Jan 19, 2021 at 9:02 PM James Morris <jmorris at namei.org> wrote:
> On Mon, 11 Jan 2021, Suren Baghdasaryan wrote:
> > Replace PTRACE_MODE_ATTACH with a combination of PTRACE_MODE_READ
> > and CAP_SYS_NICE. PTRACE_MODE_READ to prevent leaking ASLR metadata
> > and CAP_SYS_NICE for influencing process performance.
> Almost missed these -- please cc the LSM mailing list when modifying
> capabilities or other LSM-related things.
Thanks for the note. Will definitely include it when sending the next version.
> James Morris
> <jmorris at namei.org>
> To unsubscribe from this group and stop receiving emails from it, send an email to kernel-team+unsubscribe at android.com.
More information about the Linux-security-module-archive