On Mon, Mar 9, 2015 at 2:11 PM, Kirill A. Shutemov <kir...@shutemov.name> wrote: > From: "Kirill A. Shutemov" <kirill.shute...@linux.intel.com> > > As pointed by recent post[1] on exploiting DRAM physical imperfection, > /proc/PID/pagemap exposes sensitive information which can be used to do > attacks. > > This is RFC patch which disallow anybody without CAP_SYS_ADMIN to read > the pagemap. > > Any comments?
I prefer Dave Hansen's approach: http://www.spinics.net/lists/kernel/msg1941939.html This gives finer grained control without globally dropping the ability of a non-root process to examine pagemap details (which is the whole point of the interface). -Kees > > [1] > http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html > > Signed-off-by: Kirill A. Shutemov <kirill.shute...@linux.intel.com> > Cc: Pavel Emelyanov <xe...@parallels.com> > Cc: Konstantin Khlebnikov <khlebni...@openvz.org> > Cc: Andrew Morton <a...@linux-foundation.org> > Cc: Linus Torvalds <torva...@linux-foundation.org> > Cc: Mark Seaborn <mseab...@chromium.org> > Cc: Andy Lutomirski <l...@amacapital.net> > --- > fs/proc/task_mmu.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c > index 246eae84b13b..b72b36e64286 100644 > --- a/fs/proc/task_mmu.c > +++ b/fs/proc/task_mmu.c > @@ -1322,6 +1322,9 @@ out: > > static int pagemap_open(struct inode *inode, struct file *file) > { > + /* do not disclose physical addresses: attack vector */ > + if (!capable(CAP_SYS_ADMIN)) > + return -EPERM; > pr_warn_once("Bits 55-60 of /proc/PID/pagemap entries are about " > "to stop being page-shift some time soon. See the " > "linux/Documentation/vm/pagemap.txt for details.\n"); > -- > 2.3.1 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
