From: Alexey Dobriyan <adobriyan@gmail.com>
To: 程洋 <d17103513@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	David Howells <dhowells@redhat.com>,
	"Peter Zijlstra (Intel)" <peterz@infradead.org>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Johannes Weiner <hannes@cmpxchg.org>,
	Davidlohr Bueso <dbueso@suse.de>,
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: > [PATCH] Security: Handle hidepid option correctly
Date: Fri, 14 Dec 2018 18:44:36 +0300
Message-ID: <20181214154436.GA16772@avx2>
In-Reply-To: <CADd0cq1HHv4xXn0tEWb4SfQ2XvoH33O1d1rogojj=hBTm+Lwww@mail.gmail.com>

On Wed, Dec 05, 2018 at 03:26:04PM +0800, 程洋 wrote:
> Anyone who can review my patch?
> 
> 程洋 <chengyang@xiaomi.com> wrote on Fri, Nov 30, 2018 at 10:34 AM:
> >
> > Here is an article that illustrates the details.
> > https://medium.com/@topjohnwu/from-anime-game-to-android-system-security-vulnerability-9b955a182f20
> >
> > And there is a similar fix on kernel-4.4:
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=99663be772c827b8f5f594fe87eb4807be1994e5
> >
> > Q: Other filesystems parse the options from fill_super().  Is proc special in some fashion?
> > A: According to my research, start_kernel will call proc_mount first, and initialize sb->s_root before any userspace process runs. If others want to mount it, all options will be ignored.
> >      AOSP change here: https://android-review.googlesource.com/c/platform/system/core/+/181345/4/init/init.cpp
> >      At first I thought we should mount it with the MS_REMOUNT flag. But the kernel will crash if we did this.

This is not true: /proc is mounted by userspace (and it is easy to see
from the fact that proc_mount() is not called from kernel anywhere).

hidepid= in its current form is misdesigned, so might as well not bother
changing anything. IIRC there were(?) patches to make it per-mount.
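
Added example, not part of the original message or of the kernel tree: since the thread is about whether a requested hidepid= actually takes effect on /proc, this Python check reads the effective value for every procfs mount from /proc/self/mountinfo instead of trusting the mount request. It assumes hidepid is reported in the super-options field (the last one) and that some kernels print the level as a name rather than a number; the sample lines and function names are constructed for illustration.

```python
"""Report the effective hidepid level of every procfs mount in mountinfo."""
import re

# Assumption: kernels that print names use these for the numeric levels.
HIDEPID_NAMES = {"off": 0, "noaccess": 1, "invisible": 2, "ptraceable": 4}

# Constructed sample in /proc/self/mountinfo format (not from a real host).
SAMPLE = """\
21 26 0:20 / /proc rw,nosuid,nodev,noexec,relatime shared:12 - proc proc rw,hidepid=2
22 26 0:21 / /sys rw,nosuid,nodev,noexec,relatime shared:2 - sysfs sysfs rw
95 26 0:44 / /srv/jail\\040a/proc rw,relatime - proc proc rw
"""


def unescape(field):
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def proc_hidepid(mountinfo_text):
    """Return [(mount_point, level)] for procfs mounts.

    level is 0 when hidepid is absent or off, -1 when the value is unknown.
    """
    results = []
    for line in mountinfo_text.splitlines():
        fields = line.split()
        if "-" not in fields:
            continue  # not a mountinfo record
        sep = fields.index("-")  # separator after the optional fields
        if sep < 6 or len(fields) < sep + 4:
            continue  # truncated record
        fstype, super_opts = fields[sep + 1], fields[sep + 3]
        if fstype != "proc":
            continue
        level = 0
        for opt in super_opts.split(","):
            key, _, value = opt.partition("=")
            if key == "hidepid":
                level = HIDEPID_NAMES.get(value, int(value) if value.isdigit() else -1)
        results.append((unescape(fields[4]), level))
    return results


def unhidden(mountinfo_text):
    """Mount points of procfs instances where other users' PIDs stay visible."""
    return [mp for mp, level in proc_hidepid(mountinfo_text) if level == 0]


if __name__ == "__main__":
    with open("/proc/self/mountinfo") as fh:
        for mount_point, level in proc_hidepid(fh.read()):
            print(f"{mount_point}: hidepid={level}")
```

Run it inside each mount namespace of interest, since mountinfo lists only the mounts visible to the calling process.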
