From: Kees Cook <kees@kernel.org>
To: Eric Biggers <ebiggers@kernel.org>
Cc: Adrian Ratiu <adrian.ratiu@collabora.com>,
linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org,
kernel@collabora.com, gbiv@google.com, inglorion@google.com,
ajordanr@google.com, Doug Anderson <dianders@chromium.org>,
Jeff Xu <jeffxu@google.com>, Jann Horn <jannh@google.com>,
Christian Brauner <brauner@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH] proc: add config to block FOLL_FORCE in mem writes
Date: Wed, 17 Jul 2024 14:28:29 -0700 [thread overview]
Message-ID: <202407171426.4DE97F7@keescook> (raw)
In-Reply-To: <20240717205335.GA3632@sol.localdomain>
On Wed, Jul 17, 2024 at 01:53:35PM -0700, Eric Biggers wrote:
> On Wed, Jul 17, 2024 at 02:13:58PM +0300, Adrian Ratiu wrote:
> > +config SECURITY_PROC_MEM_RESTRICT_FOLL_FORCE
> > + bool "Remove FOLL_FORCE usage from /proc/pid/mem writes"
> > + default n
> > + help
> > + This restricts FOLL_FORCE flag usage in procfs mem write calls
> > + because it bypasses memory permission checks and can be used by
> > + attackers to manipulate process memory contents that would be
> > + otherwise protected.
> > +
> > + Enabling this will break GDB, gdbserver and other debuggers
> > + which require FOLL_FORCE for basic functionalities.
> > +
> > + If you are unsure how to answer this question, answer N.
>
> FOLL_FORCE is an internal flag, and people who aren't kernel developers aren't
> going to know what it is. Could this option be named and documented in a way
> that would be more understandable to people who aren't kernel developers? What
> is the effect on how /proc/pid/mem behaves?
"Do not bypass RO memory permissions via /proc/$pid/mem writes" ?
--
Kees Cook
prev parent reply other threads:[~2024-07-17 21:28 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-17 11:13 [PATCH] proc: add config to block FOLL_FORCE in mem writes Adrian Ratiu
2024-07-17 17:22 ` Kees Cook
2024-07-17 18:16 ` Linus Torvalds
2024-07-17 22:23 ` Kees Cook
2024-07-18 0:04 ` Linus Torvalds
2024-07-18 15:58 ` Adrian Ratiu
2024-07-17 20:53 ` Eric Biggers
2024-07-17 21:28 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202407171426.4DE97F7@keescook \
--to=kees@kernel.org \
--cc=adrian.ratiu@collabora.com \
--cc=ajordanr@google.com \
--cc=brauner@kernel.org \
--cc=dianders@chromium.org \
--cc=ebiggers@kernel.org \
--cc=gbiv@google.com \
--cc=inglorion@google.com \
--cc=jannh@google.com \
--cc=jeffxu@google.com \
--cc=kernel@collabora.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).