linux/kernel
Kees Cook 5096add84b proc: maps protection
The /proc/pid/ "maps", "smaps", and "numa_maps" files contain sensitive
information about the memory location and usage of processes.  Issues:

- maps should not be world-readable, especially if programs expect any
  kind of ASLR protection from local attackers.
- maps cannot just be 0400 because "-D_FORTIFY_SOURCE=2 -O2" makes glibc
  check the maps when %n is in a *printf call, and a setuid(getuid())
  process wouldn't be able to read its own maps file.  (For reference
  see http://lkml.org/lkml/2006/1/22/150)
- a system-wide toggle is needed to allow prior behavior in the case of
  non-root applications that depend on access to the maps contents.

This change implements a check using "ptrace_may_attach" before allowing
access to read the maps contents.  To control this protection, the new knob
/proc/sys/kernel/maps_protect has been added, with corresponding updates to
the procfs documentation.

[akpm@linux-foundation.org: build fixes]
[akpm@linux-foundation.org: New sysctl numbers are old hat]
Signed-off-by: Kees Cook <kees@outflux.net>
Cc: Arjan van de Ven <arjan@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-08 11:15:02 -07:00
..
irq MSI: arch must connect the irq and the msi_desc 2007-05-02 19:02:38 -07:00
power freezer: task->exit_state should be treated as bolean 2007-05-08 11:14:58 -07:00
time [PATCH] fix jiffies clocksource inittime 2007-04-04 21:12:47 -07:00
.gitignore gitignore: ignore more generated files 2006-01-03 11:35:26 +01:00
Kconfig.hz [PATCH] HZ: 300Hz support 2006-12-07 08:39:36 -08:00
Kconfig.preempt [PATCH] sched: voluntary kernel preemption 2005-06-25 16:24:45 -07:00
Makefile [PATCH] sysctl: move utsname sysctls to their own file 2007-02-14 08:09:58 -08:00
acct.c [PATCH] kernel: change uses of f_{dentry, vfsmnt} to use f_path 2006-12-08 08:28:42 -08:00
audit.c [NETLINK]: Switch cb_lock spinlock to mutex and allow to override it 2007-04-25 22:29:03 -07:00
audit.h [PATCH] audit: AUDIT_PERM support 2006-09-11 13:32:30 -04:00
auditfilter.c [PATCH] minor update to rule add/delete messages (ver 2) 2007-02-17 21:30:09 -05:00
auditsc.c [PATCH] fix deadlock in audit_log_task_context() 2007-03-14 15:27:48 -07:00
capability.c [PATCH] pid: replace do/while_each_task_pid with do/while_each_pid_task 2007-02-12 09:48:32 -08:00
compat.c [PATCH] Common compat_sys_sysinfo 2007-02-11 10:51:32 -08:00
configs.c [PATCH] struct seq_operations and struct file_operations constification 2006-12-07 08:39:46 -08:00
cpu.c [PATCH] Fix microcode-related suspend problem 2007-04-02 10:06:09 -07:00
cpuset.c cpusets: allow TIF_MEMDIE threads to allocate anywhere 2007-05-07 12:12:53 -07:00
delayacct.c KMEM_CACHE(): simplify slab cache creation 2007-05-07 12:12:55 -07:00
dma.c [PATCH] struct seq_operations and struct file_operations constification 2006-12-07 08:39:46 -08:00
exec_domain.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
exit.c Return EPERM not ECHILD on security_task_wait failure 2007-05-07 12:12:57 -07:00
extable.c [PATCH] symbol_put_addr() locks kernel 2006-05-15 11:20:55 -07:00
fork.c Merge sys_clone()/sys_unshare() nsproxy and namespace handling 2007-05-08 11:15:00 -07:00
futex.c [PATCH] futex: PI state locking fix 2007-03-16 19:25:06 -07:00
futex_compat.c [PATCH] __user annotations: futex 2006-10-10 15:37:22 -07:00
hrtimer.c [NET]: Fix networking compilation errors 2007-04-27 15:31:24 -07:00
itimer.c [PATCH] hrtimers: prevent possible itimer DoS 2007-02-16 08:13:59 -08:00
kallsyms.c Extend print_symbol capability 2007-04-30 16:40:39 -07:00
kexec.c Merge branch 'release' of master.kernel.org:/pub/scm/linux/kernel/git/aegl/linux-2.6 2006-12-07 15:39:22 -08:00
kfifo.c [PATCH] Numerous fixes to kernel-doc info in source files. 2007-02-11 10:51:32 -08:00
kmod.c Revert "Driver core: let request_module() send a /sys/modules/kmod/-uevent" 2007-02-23 14:54:57 -08:00
kprobes.c [PATCH] kprobes: list all active probes in the system 2007-02-20 17:10:14 -08:00
ksysfs.c remove "struct subsystem" as it is no longer needed 2007-05-02 18:57:59 -07:00
kthread.c [PATCH] Numerous fixes to kernel-doc info in source files. 2007-02-11 10:51:32 -08:00
latency.c [PATCH] severing module.h->sched.h 2006-12-04 02:00:22 -05:00
lockdep.c simplify the stacktrace code 2007-05-08 11:14:58 -07:00
lockdep_internals.h [PATCH] lockdep: more chains 2006-12-07 08:39:43 -08:00
lockdep_proc.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
module.c module: use krealloc 2007-05-08 11:15:00 -07:00
mutex-debug.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
mutex-debug.h [PATCH] lockdep: better lock debugging 2006-07-03 15:27:01 -07:00
mutex.c [PATCH] lockdep: avoid lockdep warning in md 2006-12-08 08:28:39 -08:00
mutex.h [PATCH] lockdep: prove mutex locking correctness 2006-07-03 15:27:04 -07:00
nsproxy.c Merge sys_clone()/sys_unshare() nsproxy and namespace handling 2007-05-08 11:15:00 -07:00
panic.c [PATCH] Add TAINT_USER and ability to set taint flags from userspace 2007-02-11 10:51:29 -08:00
params.c remove "struct subsystem" as it is no longer needed 2007-05-02 18:57:59 -07:00
pid.c Merge sys_clone()/sys_unshare() nsproxy and namespace handling 2007-05-08 11:15:00 -07:00
posix-cpu-timers.c [PATCH] posix timers: RCU optimization for clock_gettime() 2007-02-16 08:14:00 -08:00
posix-timers.c [PATCH] hrtimers: add high resolution timer support 2007-02-16 08:13:59 -08:00
printk.c kernel/printk.c: comment fix 2007-02-17 20:10:16 +01:00
profile.c [PATCH] proc: remove useless (and buggy) ->nlink settings 2007-02-11 10:51:32 -08:00
ptrace.c [PATCH] pidspace: is_init() 2006-09-29 09:18:12 -07:00
rcupdate.c [PATCH] rcu: add a prefetch() in rcu_do_batch() 2006-12-07 08:39:40 -08:00
rcutorture.c rcutorture: Mark rcu_torture_init as __init 2007-05-08 11:15:00 -07:00
relay.c [PATCH] kernel-doc fixes for 2.6.20-git15 (non-drivers) 2007-03-01 14:53:37 -08:00
resource.c libata/IDE: remove combined mode quirk 2007-04-28 14:15:59 -04:00
rtmutex-debug.c Remove all inclusions of <linux/config.h> 2006-10-04 03:38:54 -04:00
rtmutex-debug.h [PATCH] lockdep: better lock debugging 2006-07-03 15:27:01 -07:00
rtmutex-tester.c [PATCH] Add include/linux/freezer.h and move definitions from sched.h 2006-12-07 08:39:27 -08:00
rtmutex.c [PATCH] hrtimers: namespace and enum cleanup 2007-02-16 08:13:58 -08:00
rtmutex.h [PATCH] lockdep: better lock debugging 2006-07-03 15:27:01 -07:00
rtmutex_common.h [PATCH] pi-futex: futex_lock_pi/futex_unlock_pi support 2006-06-27 17:32:47 -07:00
rwsem.c [PATCH] lockdep: prove rwsem locking correctness 2006-07-03 15:27:04 -07:00
sched.c Safer nr_node_ids and nr_node_ids determination and initial values 2007-05-07 12:12:51 -07:00
seccomp.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
signal.c KMEM_CACHE(): simplify slab cache creation 2007-05-07 12:12:55 -07:00
softirq.c [PATCH] tick-management: dyntick / highres functionality 2007-02-16 08:13:59 -08:00
softlockup.c softlockup: s/99/MAX_RT_PRIO/ 2007-05-08 11:14:59 -07:00
spinlock.c [PATCH] lockdep: spin_lock_irqsave_nested() 2006-11-25 13:28:34 -08:00
srcu.c [PATCH] SRCU: report out-of-memory errors 2006-10-04 07:55:30 -07:00
stacktrace.c [PATCH] lockdep: stacktrace subsystem, core 2006-07-03 15:27:02 -07:00
stop_machine.c Use stop_machine_run in the Intel RNG driver 2007-05-08 11:15:00 -07:00
sys.c remove software_suspend() 2007-05-07 12:12:59 -07:00
sys_ni.c [PATCH] Create compat_sys_migrate_pages 2006-11-03 12:27:59 -08:00
sysctl.c proc: maps protection 2007-05-08 11:15:02 -07:00
taskstats.c KMEM_CACHE(): simplify slab cache creation 2007-05-07 12:12:55 -07:00
time.c Optimize timespec_trunc() 2007-05-08 11:15:01 -07:00
timer.c [AF_RXRPC]: Make it possible to merely try to cancel timers from a module 2007-04-26 15:46:56 -07:00
tsacct.c [PATCH] time: x86_64: split x86_64/kernel/time.c up 2007-02-16 08:14:00 -08:00
uid16.c [PATCH] Add more prevent_tail_call() 2006-04-19 16:27:18 -07:00
user.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
utsname.c Merge sys_clone()/sys_unshare() nsproxy and namespace handling 2007-05-08 11:15:00 -07:00
utsname_sysctl.c [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
wait.c [PATCH] uninline init_waitqueue_head() 2006-07-10 13:24:25 -07:00
workqueue.c [PATCH] Add debugging feature /proc/timer_stat 2007-02-16 08:13:59 -08:00