From: Alexey Dobriyan <adobriyan@gmail.com>
To: 程洋 <d17103513@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
David Howells <dhowells@redhat.com>,
"Peter Zijlstra (Intel)" <peterz@infradead.org>,
Al Viro <viro@zeniv.linux.org.uk>,
Johannes Weiner <hannes@cmpxchg.org>,
Davidlohr Bueso <dbueso@suse.de>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: > [PATCH] Security: Handle hidepid option correctly
Date: Fri, 14 Dec 2018 18:44:36 +0300
Message-ID: <20181214154436.GA16772@avx2>
In-Reply-To: <CADd0cq1HHv4xXn0tEWb4SfQ2XvoH33O1d1rogojj=hBTm+Lwww@mail.gmail.com>

On Wed, Dec 05, 2018 at 03:26:04PM +0800, 程洋 wrote:
> Anyone who can review my patch?
>
> 程洋 <chengyang@xiaomi.com> wrote on Fri, Nov 30, 2018 at 10:34 AM:
> >
> > Here is an article that illustrates the details.
> > https://medium.com/@topjohnwu/from-anime-game-to-android-system-security-vulnerability-9b955a182f20
> >
> > And there is a similar fix on kernel-4.4:
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=99663be772c827b8f5f594fe87eb4807be1994e5
> >
> > Q: Other filesystems parse the options from fill_super(). Is proc special in some fashion?
> > A: According to my research, start_kernel will call proc_mount first, and initialize sb->s_root before any userspace process runs. If others want to mount it, all options will be ignored.
> > AOSP change here: https://android-review.googlesource.com/c/platform/system/core/+/181345/4/init/init.cpp
> > At first I thought we should mount it with MS_REMOUNT flag. But kernel will crash if we did this.

This is not true: /proc is mounted by userspace (and it is easy to see
from the fact that proc_mount() is not called from kernel anywhere).

hidepid= in its current form is misdesigned, so might as well not bother
changing anything. IIRC there were(?) patches to make it per-mount.
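
Added example, not part of this message or of the patch under discussion: the thread turns on whether hidepid= passed to a later proc mount takes effect, so this Python script reads the options the kernel itself reports in mountinfo format (field layout per proc(5)) rather than trusting the mount command line. The sample lines, mount points and function names are constructed for illustration.

```python
# Added example: report the hidepid value in effect on each procfs mount.
# Constructed sample in /proc/self/mountinfo format; not taken from a real host.
SAMPLE_MOUNTINFO = """\
21 26 0:20 / /proc rw,nosuid,nodev,noexec,relatime shared:12 - proc proc rw,hidepid=2
88 26 0:20 / /srv/jail/proc rw,relatime - proc proc rw,hidepid=2
93 26 0:45 / /mnt/other/proc rw,relatime - proc proc rw
30 26 0:5 / /dev rw,nosuid shared:2 - devtmpfs udev rw,size=4096k
"""


def parse_proc_mounts(text):
    """Return [(device, mount_point, hidepid), ...] for every procfs mount."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        try:
            # A lone "-" ends the variable-length optional fields (proc(5)).
            sep = fields.index("-", 6)
        except ValueError:
            continue  # not a mountinfo line
        if len(fields) < sep + 4 or fields[sep + 1] != "proc":
            continue
        # Per-superblock options come after the filesystem type and source.
        hidepid = "0"  # assumption: no hidepid= listed means the default (off)
        for opt in fields[sep + 3].split(","):
            if opt.startswith("hidepid="):
                hidepid = opt.split("=", 1)[1]
        # fields[2] is major:minor; mounts sharing it share one superblock.
        found.append((fields[2], fields[4], hidepid))
    return found


def mounts_without_hidepid(mounts):
    """Mount points where hiding is off ("0", or "off" on newer kernels)."""
    return [mp for _dev, mp, hp in mounts if hp in ("0", "off")]


if __name__ == "__main__":
    try:
        with open("/proc/self/mountinfo") as fh:
            data = fh.read()
    except OSError:
        data = SAMPLE_MOUNTINFO  # fall back to the constructed sample
    for dev, mp, hp in parse_proc_mounts(data):
        print(f"{dev} {mp} hidepid={hp}")
    print("no hiding:", mounts_without_hidepid(parse_proc_mounts(data)))
```

Rows with the same major:minor value are mounts of one superblock, so they always report the same hidepid value.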