[PATCH AUTOSEL 6.6 048/139] proc: add config & param to block forcing mem writes

Alexey Dobriyan adobriyan at gmail.com
Wed Sep 25 15:58:05 UTC 2024


On Wed, Sep 25, 2024 at 08:07:48AM -0400, Sasha Levin wrote:
> From: Adrian Ratiu <adrian.ratiu at collabora.com>
> 
> [ Upstream commit 41e8149c8892ed1962bd15350b3c3e6e90cba7f4 ]
> 
> This adds a Kconfig option and boot param to allow removing
> the FOLL_FORCE flag from /proc/pid/mem write calls because
> it can be abused.

And this is not a mount option why?

> The traditional forcing behavior is kept as default because
> it can break GDB and some other use cases.
> 
> Previously we tried a more sophisticated approach allowing
> distributions to fine-tune /proc/pid/mem behavior, however
> that got NAK-ed by Linus [1], who prefers this simpler
> approach with semantics also easier to understand for users.


