On Mon, Dec 17, 2018 at 12:21:40PM +0800, 程洋 wrote:
> Actually I'm pretty sure kernel calls proc_mount()
> Here is the call stack
OK, hidepid= is still misdesigned. :-(
Actually I'm pretty sure kernel calls proc_mount()
Here is the call stack
[0.003450] [] proc_mount+0x2c/0x98
[0.003459] [] mount_fs+0x164/0x190
[0.003465] [] vfs_kern_mount+0x74/0x168
[0.003469] [] kern_mount_data+0x18/0x30
[0.003474] [] pid_ns_prepare_proc+0x24/0x40
[0.0034
On Wed, Dec 05, 2018 at 03:26:04PM +0800, 程洋 wrote:
> Anyone who can review my patch?
>
> 程洋 于2018年11月30日周五 上午10:34写道:
> >
> > Here is an article illustrates the details.
> > https://medium.com/@topjohnwu/from-anime-game-to-android-system-security-vulnerability-9b955a182f20
> >
> > And There is a
@Nick. Would mind giving this patch an "Acked-by"?
This issue causes any Android who uses latest kernel cannot mount proc
with "hidepid=2" option. Which causes problems
程洋 于2018年12月5日周三 下午3:26写道:
>
> Anyone who can review my patch?
>
> 程洋 于2018年11月30日周五 上午10:34写道:
> >
> > Here is an article illus
Anyone who can review my patch?
程洋 于2018年11月30日周五 上午10:34写道:
>
> Here is an article illustrates the details.
> https://medium.com/@topjohnwu/from-anime-game-to-android-system-security-vulnerability-9b955a182f20
>
> And There is a similar fix on kernel-4.4:
> https://git.kernel.org/pub/scm/linux/k
Andrew's question makes me think if this fix is superficial. Actually
i have had same question. But when i saw a smilar patch in kernel-4.4
was already merged in 2012, i decided to submit this patch first.
Here is the call stack i got:
[0.003450] [] proc_mount+0x2c/0x98
[0.003459] [] mount
Here is an article illustrates the details.
https://medium.com/@topjohnwu/from-anime-game-to-android-system-security-vulnerability-9b955a182f20
And There is a similar fix on kernel-4.4:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=99663be772c827b8f5f594fe87eb4807be
> [PATCH] Security: Handle hidepid option correctly
Why is this considered to be security sensitive? I can guess, but I'd
like to know your reasoning.
On Thu, 29 Nov 2018 19:08:21 +0800 d17103...@gmail.com wrote:
> From: Cheng Yang
>
> The proc_parse_options() call from proc_mount() runs on
8 matches
Mail list logo
