Re: [PATCH 1/1] mm/madvise: replace ptrace attach requirement for process_madvise

2021-01-11 Suren Baghdasaryan
On Mon, Jan 11, 2021 at 9:05 AM Suren Baghdasaryan wrote: > > On Mon, Jan 11, 2021 at 2:20 AM Florian Weimer wrote: > > > > * Suren Baghdasaryan: > > > > > diff --git a/mm/madvise.c b/mm/madvise.c > > > index 6a660858784b..c2d600386902 100644 > > > --- a/mm/madvise.c > > > +++ b/mm/madvise.c > >

Re: [PATCH 1/1] mm/madvise: replace ptrace attach requirement for process_madvise

2021-01-11 Suren Baghdasaryan
On Mon, Jan 11, 2021 at 2:20 AM Florian Weimer wrote: > > * Suren Baghdasaryan: > > > diff --git a/mm/madvise.c b/mm/madvise.c > > index 6a660858784b..c2d600386902 100644 > > --- a/mm/madvise.c > > +++ b/mm/madvise.c > > @@ -1197,12 +1197,22 @@ SYSCALL_DEFINE5(process_madvise, int, pidfd, const >

Re: [PATCH 1/1] mm/madvise: replace ptrace attach requirement for process_madvise

2021-01-11 Florian Weimer
* Suren Baghdasaryan: > diff --git a/mm/madvise.c b/mm/madvise.c > index 6a660858784b..c2d600386902 100644 > --- a/mm/madvise.c > +++ b/mm/madvise.c > @@ -1197,12 +1197,22 @@ SYSCALL_DEFINE5(process_madvise, int, pidfd, const > struct iovec __user *, vec, > goto release_task; >

Re: [PATCH 1/1] mm/madvise: replace ptrace attach requirement for process_madvise

2021-01-08 Suren Baghdasaryan
On Fri, Jan 8, 2021 at 5:02 PM David Rientjes wrote: > > On Fri, 8 Jan 2021, Suren Baghdasaryan wrote: > > > > > @@ -1197,12 +1197,22 @@ SYSCALL_DEFINE5(process_madvise, int, pidfd, > > > > const struct iovec __user *, vec, > > > > goto release_task; > > > > } > > > > > > > >

Re: [PATCH 1/1] mm/madvise: replace ptrace attach requirement for process_madvise

2021-01-08 David Rientjes
On Fri, 8 Jan 2021, Suren Baghdasaryan wrote: > > > @@ -1197,12 +1197,22 @@ SYSCALL_DEFINE5(process_madvise, int, pidfd, > > > const struct iovec __user *, vec, > > > goto release_task; > > > } > > > > > > - mm = mm_access(task, PTRACE_MODE_ATTACH_FSCREDS); > > > + /*

Re: [PATCH 1/1] mm/madvise: replace ptrace attach requirement for process_madvise

2021-01-08 Suren Baghdasaryan
On Fri, Jan 8, 2021 at 2:15 PM Minchan Kim wrote:
>
> On Fri, Jan 08, 2021 at 12:58:57PM -0800, Suren Baghdasaryan wrote:
> > process_madvise currently requires ptrace attach capability.
> > PTRACE_MODE_ATTACH gives one process complete control over another
> > process. It effectively removes the

Re: [PATCH 1/1] mm/madvise: replace ptrace attach requirement for process_madvise

2021-01-08 Minchan Kim
On Fri, Jan 08, 2021 at 12:58:57PM -0800, Suren Baghdasaryan wrote:
> process_madvise currently requires ptrace attach capability.
> PTRACE_MODE_ATTACH gives one process complete control over another
> process. It effectively removes the security boundary between the
> two processes (in one directi

[PATCH 1/1] mm/madvise: replace ptrace attach requirement for process_madvise

2021-01-08 Suren Baghdasaryan
process_madvise currently requires ptrace attach capability. PTRACE_MODE_ATTACH gives one process complete control over another process. It effectively removes the security boundary between the two processes (in one direction). Granting ptrace attach capability even to a system process is considere