From: Alan Cox <alan@lxorguk.ukuu.org.uk>
To: Andi Kleen <ak@suse.de>
Cc: Daniel Jacobowitz <dan@debian.org>,
Renzo Davoli <renzo@cs.unibo.it>,
Ulrich Drepper <drepper@gmail.com>,
osd@cs.unibo.it, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] 2-ptrace_multi
Date: Sat, 20 May 2006 15:37:05 +0100
Message-ID: <1148135825.2085.33.camel@localhost.localdomain>
In-Reply-To: <200605192217.30518.ak@suse.de>

On Gwe, 2006-05-19 at 22:17 +0200, Andi Kleen wrote:
> > I believe the conclusion, when this was last discussed, was that this
> > is not true and could be fixed.
>
> iirc the main problem was mmap of /proc/*/mem. write can be probably
> enabled after some auditing.
>
> Alan hacked on this iirc so he might comment.

The stuff I hacked on was to solve the problem that "/proc/xxx/mem"
changed meaning while open. That is if you did opens on proc/self/mem
and passed the fd to someone they got *their own* /proc/self/mem.

That can cause mayhem if you do

	fd = open /proc/self/mem
	dup(fd, 2);
	dup(fd, 1);
	seek to right spot
	exec setuid binary in a way it prints and self patches.

I think the general cases of write and mmap can probably be enabled with
care. Clearly you can do it via ptrace so therefore ptrace equivalent
permissions is a beginning point. Someone needs to audit the mm
implications carefully because the old DOSemu mmap of /proc/self trick
did break stuff and the write case might have similar problems.

Alan
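
The message above describes a privileged program inheriting stdout/stderr descriptors that point into procfs. The following is an added example, not code from this thread or from the kernel: a userspace defence-in-depth check (it is not the kernel-side fix discussed) that a privileged program could run at start-up to refuse stdio descriptors that are closed or backed by procfs. The function names `fd_is_procfs` and `stdio_fds_are_sane` are hypothetical.

```c
/* Added example: reject stdio descriptors that live on procfs (Linux only). */
#include <stdio.h>
#include <unistd.h>
#include <sys/vfs.h>        /* fstatfs() */
#include <linux/magic.h>    /* PROC_SUPER_MAGIC */

/* Returns 1 if fd refers to a file on procfs, 0 if it refers to anything
 * else, and -1 if the descriptor cannot be examined (for example, closed). */
int fd_is_procfs(int fd)
{
    struct statfs sfs;

    if (fstatfs(fd, &sfs) != 0)
        return -1;
    return sfs.f_type == PROC_SUPER_MAGIC ? 1 : 0;
}

/* Hypothetical start-up check: descriptors 0, 1 and 2 must all be open and
 * none of them may be a procfs file such as /proc/<pid>/mem.
 * Returns 0 when all three pass, -1 otherwise. */
int stdio_fds_are_sane(void)
{
    for (int fd = 0; fd <= 2; fd++) {
        /* Both "is procfs" (1) and "cannot tell" (-1) are treated as unsafe. */
        if (fd_is_procfs(fd) != 0)
            return -1;
    }
    return 0;
}

int main(void)
{
    if (stdio_fds_are_sane() != 0) {
        /* Do not print a diagnostic: the descriptors are the thing in doubt. */
        _exit(111);
    }
    puts("stdio descriptors look sane");
    return 0;
}
```

The check fails closed: a descriptor that cannot be examined is rejected the same way as one that points into procfs.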