[PATCH v2] proc: allow restricting /proc/pid/mem writes
Kees Cook
keescook at chromium.org
Mon Mar 4 17:56:03 UTC 2024
On Mon, Mar 04, 2024 at 02:35:29PM +0000, Adrian Ratiu wrote:
> Yes, easy to block and also respect page permissions (can't write
> read-only memory) as well as require ptrace access anyway by checking
> PTRACE_MODE_ATTACH_REALCREDS.
Right, I don't think process_vm_writev() ignores page permissions? i.e. I
don't see where it is using FOLL_FORCE, which is one of the central
problems with /proc/$pid/mem. (Which reminds me, this is worth mentioning
more explicitly in the commit log for v3.)
--
Kees Cook
More information about the Linux-security-module-archive
mailing list
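An added example, not part of the original message or of the patch under review: a small C program that applies the two write paths discussed above to a read-only page of its own process, so the effect of FOLL_FORCE can be observed. The function name `write_changed_page` is hypothetical; the expectation assumed here is a mainline kernel with no /proc/pid/mem write restriction, where process_vm_writev() fails (EFAULT) and the /proc/self/mem write succeeds.

```c
/* Added illustration; write_changed_page() is a hypothetical helper name. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/uio.h>
#include <unistd.h>

/* Returns 1 if the write altered the read-only page, 0 if it did not.
 * *err receives the errno of the failing call, or 0 on success. */
int write_changed_page(int use_proc_mem, int *err)
{
    long sz = sysconf(_SC_PAGESIZE);
    char src[4] = { 'B', 'B', 'B', 'B' };
    ssize_t n = -1;
    int fd = -1;
    char *p = mmap(NULL, sz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    *err = 0;
    if (p == MAP_FAILED) { *err = errno; return 0; }
    memset(p, 'A', sz);                       /* fill while still writable */
    if (mprotect(p, sz, PROT_READ)) { *err = errno; munmap(p, sz); return 0; }
    if (use_proc_mem) {
        /* /proc/<pid>/mem write path: uses FOLL_FORCE on an unrestricted kernel */
        fd = open("/proc/self/mem", O_RDWR);
        if (fd >= 0)
            n = pwrite(fd, src, sizeof src, (off_t)(uintptr_t)p);
    } else {
        /* process_vm_writev(): target pages are pinned without FOLL_FORCE */
        struct iovec l = { src, sizeof src }, r = { p, sizeof src };
        n = process_vm_writev(getpid(), &l, 1, &r, 1, 0);
    }
    if (n < 0) *err = errno;                  /* read errno before close() */
    if (fd >= 0) close(fd);
    int changed = (*(volatile char *)p == 'B');
    munmap(p, sz);
    return changed;
}

int main(void)
{
    int e, c = write_changed_page(0, &e);
    printf("process_vm_writev: changed=%d errno=%d (%s)\n", c, e, strerror(e));
    c = write_changed_page(1, &e);
    printf("/proc/self/mem:    changed=%d errno=%d (%s)\n", c, e, strerror(e));
    return 0;
}
```

Where a sandbox or seccomp policy blocks either call, the program reports the corresponding errno instead of EFAULT or success.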