On Mon, 2006-01-23 at 04:28 -0500, Albert Cahalan wrote:
> On 1/23/06, Arjan van de Ven <[email protected]> wrote:
> > On Sun, 2006-01-22 at 17:19 -0500, Albert D. Cahalan wrote:
> > > This patch changes all 3 remaining maps files to be readable
> > > only for the file owner. There have been privacy concerns.
> > >
> > > Fedora Core 4 has been shipping with such permissions on
> > > the /proc/*/maps file already. General system monitoring
> > > tools seldom use these files.
> >
> > changing /maps to 0400 breaks glibc; there are cases where this would
> > lead to /proc/self/maps to be not readable (setuid like apps) so this
> > needs a more elaborate fix.
>
> Wow. Well, that's why I put the patch last in the series.
> The other 3 don't depend on it at all.
>
> I tend to think that glibc should not be reading this file.
> What excuse is there?
glibc needs to be able to find out if a certain address is writable. (eg
mapped "w"). The only way available for that is... reading the maps
file.
> In any case, the many existing statically linked executables
> do cause trouble. Setuid apps are the ones you'd most want
> to protect.
for this 0400 isn't enough; because you can open this file, send the fd
over a unix socket, and then exec. The process you sent the fd to can
then read the setuid's program maps file.
This thing is all a bit more complex than just the file mode ;(
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
