Re: [PATCH v4 2/2] proc: restrict /proc/pid/mem

Adrian Ratiu adrian.ratiu at collabora.com
Mon May 27 11:21:10 UTC 2024


On Saturday, May 25, 2024 08:49 EEST, Randy Dunlap <rdunlap at infradead.org> wrote:

> Hi--
> 
> On 5/24/24 12:28 PM, Adrian Ratiu wrote:
> > diff --git a/security/Kconfig b/security/Kconfig
> > index 412e76f1575d..0cd73f848b5a 100644
> > --- a/security/Kconfig
> > +++ b/security/Kconfig
> > @@ -183,6 +183,74 @@ config STATIC_USERMODEHELPER_PATH
> >  	  If you wish for all usermode helper programs to be disabled,
> >  	  specify an empty string here (i.e. "").
> >  
> > +menu "Procfs mem restriction options"
> > +
> > +config PROC_MEM_RESTRICT_FOLL_FORCE_DEFAULT
> > +	bool "Restrict all FOLL_FORCE flag usage"
> > +	default n
> > +	help
> > +	  Restrict all FOLL_FORCE usage during /proc/*/mem RW.
> > +	  Debuggerg like GDB require using FOLL_FORCE for basic
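Review bot: in the PROC_MEM_RESTRICT_FOLL_FORCE_DEFAULT entry, the `default n` line is redundant, since a bool symbol with no default is already n; consider dropping it. The prompt "Restrict all FOLL_FORCE flag usage" also does not convey what the _DEFAULT suffix in the symbol name implies; wording such as "Restrict all FOLL_FORCE flag usage by default" would match the name. In the help text, "RW" could be spelled out as "reads and writes".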
> 
> 	  Debuggers

Hello and thank you for the feedback!

I'll fix these typos in a v5 together with the kernel test robot failures.

I'll give v4 a bit more time in case other people have more feedback,
so I can address them all in one go.



