Re: [PATCH v4 2/2] proc: restrict /proc/pid/mem
Adrian Ratiu
adrian.ratiu at collabora.com
Mon May 27 11:21:10 UTC 2024
On Saturday, May 25, 2024 08:49 EEST, Randy Dunlap <rdunlap at infradead.org> wrote:
> Hi--
>
> On 5/24/24 12:28 PM, Adrian Ratiu wrote:
> > diff --git a/security/Kconfig b/security/Kconfig
> > index 412e76f1575d..0cd73f848b5a 100644
> > --- a/security/Kconfig
> > +++ b/security/Kconfig
> > @@ -183,6 +183,74 @@ config STATIC_USERMODEHELPER_PATH
> > If you wish for all usermode helper programs to be disabled,
> > specify an empty string here (i.e. "").
> >
> > +menu "Procfs mem restriction options"
> > +
> > +config PROC_MEM_RESTRICT_FOLL_FORCE_DEFAULT
> > + bool "Restrict all FOLL_FORCE flag usage"
> > + default n
> > + help
> > + Restrict all FOLL_FORCE usage during /proc/*/mem RW.
> > + Debuggerg like GDB require using FOLL_FORCE for basic
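Review bot: In the PROC_MEM_RESTRICT_FOLL_FORCE_DEFAULT entry, the symbol name says this only sets a default, but the prompt "Restrict all FOLL_FORCE flag usage" and the help lines quoted here read as an unconditional restriction. The prompt or help should state that this selects the default behaviour and name what can override it. "/proc/*/mem RW" would also be clearer spelled out as reads and writes. Separately, "default n" is redundant on a bool symbol, since n is already the value when no default is given, and can be dropped.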
>
> Debuggers
Hello and thank you for the feedback!
I'll fix these typos in a v5 together with the kernel test robot failures.
I'll give v4 a bit more time in case other people have more feedback,
so I can address them all in one go.