From: Jan Stancek <jstancek@redhat.com>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH 6/11] mmap/mmap12: Testcase failed when no root user run it
Date: Sat, 31 Oct 2015 04:15:22 -0400 (EDT)
Message-ID: <322055225.38333.1446279322374.JavaMail.zimbra@redhat.com>
In-Reply-To: <5634112F.1030203@huawei.com>
----- Original Message -----
> From: "Cui Bixuan" <cuibixuan@huawei.com>
> To: "Jan Stancek" <jstancek@redhat.com>
> Cc: "Cyril Hrubis" <chrubis@suse.cz>, zhuyanpeng@huawei.com, zhanyongming@huawei.com, ltp@lists.linux.it
> Sent: Saturday, 31 October, 2015 1:54:07 AM
> Subject: Re: [LTP] [PATCH 6/11] mmap/mmap12: Testcase failed when no root user run it
>
> On 2015/10/30 17:29, Jan Stancek wrote:
> >
> >
> >
> >
> > ----- Original Message -----
> >> From: "Cui Bixuan" <cuibixuan@huawei.com>
> >> To: "Cyril Hrubis" <chrubis@suse.cz>
> >> Cc: zhuyanpeng@huawei.com, zhanyongming@huawei.com, ltp@lists.linux.it
> >> Sent: Friday, 30 October, 2015 9:56:36 AM
> >> Subject: Re: [LTP] [PATCH 6/11] mmap/mmap12: Testcase failed when no root
> >> user run it
> >>
> >> On 2015/10/29 19:57, Cyril Hrubis wrote:
> >>> Hi!
> >>>> Add tst_require_root() to testcase for open /proc/self/pagemap file.
> >>>
> >>> On my machines the /proc/self/pagemap is readable by the process (it's
> >>> owned by the user that has started the program).
> >>>
> >>> What is output of ls -l /proc/self/pagemap on your machine?
> >> I look my system and others:
> >> 1) SUSE SP2: 3.0.13-0.27-default (uname -a); test PASS; -r--r--r-- 1 root
> >> root 0 Oct 30 16:13 /proc/self/pagemap
> >> 2) Ubuntu: 3.13.0-32-generic; test PASS; -r--r--r--. 1
> >> cuibixuan cuibixuan 0 10? 30 16:19 /proc/self/pagemap
> >> 3) SUSE: 4.2.0-0.11-default; test FAIL; -r-------- 1 root
> >> root 0 Nov 13 01:39 /proc/self/pagemap
> >> 4) arm64: linux 4.1.6; test FAIL; -r-------- 1 root
> >> root 0 Jan 18 01:53 /proc/self/pagemap
> >>
> >> Maybe the higher version of the kernel change the file attributes
> >> of /proc/self/pagemap, I think.
> >
> > commit 32ed74a4b968a4faff7aaaff557035ce5d5e70ab
> > Author: Djalal Harouni <tixxdz@opendz.org>
> > Date: Mon Apr 7 15:38:38 2014 -0700
> >
> > procfs: make /proc/*/pagemap 0400
> >
> > The /proc/*/pagemap contain sensitive information and currently its
> > mode
> > is 0444. Change this to 0400, so the VFS will prevent unprivileged
> > processes from getting file descriptors on arbitrary privileged
> > /proc/*/pagemap files.
> >
> > but that doesn't explain why process can't read its own pagemap.
> > For 3) and 4): Did you run that as unprivileged user or as a root?
> >
Looks like the EPERM is from this patch, which disabled reading for non-privileged users:

  commit ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce
  Author: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
  Date: Mon Mar 9 23:11:12 2015 +0200

      pagemap: do not leak physical addresses to non-privileged userspace

it was later removed in:

  commit 1c90308e7a77af6742a97d1021cca923b23b7f0d
  Author: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
  Date: Tue Sep 8 15:00:07 2015 -0700

      pagemap: hide physical addresses from non-privileged users

So I'm thinking that we should check "if euid != 0 and opening pagemap gives EPERM",
then quit with TCONF.

Regards,
Jan
>
> > Regards,
> > Jan
> >
> >>
> >> But I read the Documentation/vm/pagemap.txt and look at the source code in
> >> kernel,
> >> can't get it. :-(
> >>
> >> Someone help?
> >>>
> >>
> >>
> >> --
> >> Mailing list info: http://lists.linux.it/listinfo/ltp
> >>
> >
> > .
> >
>
>