From: Eric Biggers <ebiggers@kernel.org>
To: Adrian Ratiu <adrian.ratiu@collabora.com>
Cc: linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org,
kernel@collabora.com, gbiv@google.com, inglorion@google.com,
ajordanr@google.com, Doug Anderson <dianders@chromium.org>,
Jeff Xu <jeffxu@google.com>, Jann Horn <jannh@google.com>,
Kees Cook <kees@kernel.org>,
Christian Brauner <brauner@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH] proc: add config to block FOLL_FORCE in mem writes
Date: Wed, 17 Jul 2024 13:53:35 -0700 [thread overview]
Message-ID: <20240717205335.GA3632@sol.localdomain> (raw)
In-Reply-To: <20240717111358.415712-1-adrian.ratiu@collabora.com>
On Wed, Jul 17, 2024 at 02:13:58PM +0300, Adrian Ratiu wrote:
> +config SECURITY_PROC_MEM_RESTRICT_FOLL_FORCE
> + bool "Remove FOLL_FORCE usage from /proc/pid/mem writes"
> + default n
> + help
> + This restricts FOLL_FORCE flag usage in procfs mem write calls
> + because it bypasses memory permission checks and can be used by
> + attackers to manipulate process memory contents that would be
> + otherwise protected.
> +
> + Enabling this will break GDB, gdbserver and other debuggers
> + which require FOLL_FORCE for basic functionalities.
> +
> + If you are unsure how to answer this question, answer N.
FOLL_FORCE is an internal flag, and people who aren't kernel developers aren't
going to know what it is. Could this option be named and documented in a way
that would be more understandable to people who aren't kernel developers? What
is the effect on how /proc/pid/mem behaves?
- Eric
next prev parent reply other threads:[~2024-07-17 20:53 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-17 11:13 [PATCH] proc: add config to block FOLL_FORCE in mem writes Adrian Ratiu
2024-07-17 17:22 ` Kees Cook
2024-07-17 18:16 ` Linus Torvalds
2024-07-17 22:23 ` Kees Cook
2024-07-18 0:04 ` Linus Torvalds
2024-07-18 15:58 ` Adrian Ratiu
2024-07-17 20:53 ` Eric Biggers [this message]
2024-07-17 21:28 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240717205335.GA3632@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=adrian.ratiu@collabora.com \
--cc=ajordanr@google.com \
--cc=brauner@kernel.org \
--cc=dianders@chromium.org \
--cc=gbiv@google.com \
--cc=inglorion@google.com \
--cc=jannh@google.com \
--cc=jeffxu@google.com \
--cc=kees@kernel.org \
--cc=kernel@collabora.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.