[PATCH v2] proc: allow restricting /proc/pid/mem writes

Kees Cook keescook at chromium.org
Mon Mar 4 17:56:03 UTC 2024


On Mon, Mar 04, 2024 at 02:35:29PM +0000, Adrian Ratiu wrote:
> Yes, easy to block and also respect page permissions (can't write
> read-only memory) as well as require ptrace access anyway by checking
> PTRACE_MODE_ATTACH_REALCREDS.

Right, I don't think process_vm_writev() ignores page permissions? I.e., I
don't see where it is using FOLL_FORCE, which is one of the central
problems with /proc/$pid/mem. (Which reminds me, this is worth mentioning
more explicitly in the commit log for v3.)

-- 
Kees Cook
