From: Eric Biggers <ebiggers@kernel.org>
To: Adrian Ratiu <adrian.ratiu@collabora.com>
Cc: linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org,
kernel@collabora.com, gbiv@google.com, inglorion@google.com,
ajordanr@google.com, Doug Anderson <dianders@chromium.org>,
Jeff Xu <jeffxu@google.com>, Jann Horn <jannh@google.com>,
Kees Cook <kees@kernel.org>,
Christian Brauner <brauner@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH] proc: add config to block FOLL_FORCE in mem writes
Date: Wed, 17 Jul 2024 13:53:35 -0700 [thread overview]
Message-ID: <20240717205335.GA3632@sol.localdomain> (raw)
In-Reply-To: <20240717111358.415712-1-adrian.ratiu@collabora.com>
On Wed, Jul 17, 2024 at 02:13:58PM +0300, Adrian Ratiu wrote:
> +config SECURITY_PROC_MEM_RESTRICT_FOLL_FORCE
> + bool "Remove FOLL_FORCE usage from /proc/pid/mem writes"
> + default n
> + help
> + This restricts FOLL_FORCE flag usage in procfs mem write calls
> + because it bypasses memory permission checks and can be used by
> + attackers to manipulate process memory contents that would be
> + otherwise protected.
> +
> + Enabling this will break GDB, gdbserver and other debuggers
> + which require FOLL_FORCE for basic functionalities.
> +
> + If you are unsure how to answer this question, answer N.
FOLL_FORCE is an internal flag, and people who aren't kernel developers aren't
going to know what it is. Could this option be named and documented in a way
that would be more understandable to people who aren't kernel developers? What
is the effect on how /proc/pid/mem behaves?
- Eric
next prev parent reply other threads:[~2024-07-17 20:53 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-17 11:13 [PATCH] proc: add config to block FOLL_FORCE in mem writes Adrian Ratiu
2024-07-17 17:22 ` Kees Cook
2024-07-17 18:16 ` Linus Torvalds
2024-07-17 22:23 ` Kees Cook
2024-07-18 0:04 ` Linus Torvalds
2024-07-18 15:58 ` Adrian Ratiu
2024-07-17 20:53 ` Eric Biggers [this message]
2024-07-17 21:28 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240717205335.GA3632@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=adrian.ratiu@collabora.com \
--cc=ajordanr@google.com \
--cc=brauner@kernel.org \
--cc=dianders@chromium.org \
--cc=gbiv@google.com \
--cc=inglorion@google.com \
--cc=jannh@google.com \
--cc=jeffxu@google.com \
--cc=kees@kernel.org \
--cc=kernel@collabora.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).