Subject: Re: [PATCH] proc: prevent accessing /proc/<pid>/environ until it's ready
From: Mathias Krause
To: Mateusz Guzik
Cc: Andrew Morton, linux-kernel@vger.kernel.org, Emese Revfy, Pax Team, Al Viro, Alexey Dobriyan, Cyrill Gorcunov, Jarod Wilson
Date: Thu, 28 Apr 2016 21:36:26 +0200
In-Reply-To: <20160428192009.lqoyl65l4lhnmecs@mguzik>
References: <1461870258-17970-1-git-send-email-minipli@googlemail.com> <20160428192009.lqoyl65l4lhnmecs@mguzik>
List-ID: linux-kernel@vger.kernel.org

On 28 April 2016 at 21:20, Mateusz Guzik wrote:
> In this case get_cmdline in mm/util.c should also be patched for
> completeness. It tests for arg_end, but later accesses env_end.

But it'll do this only when argv[] was modified from what the kernel initially wrote, which, in turn, either requires the process to have started executing and messing with its own argv[] or another process poking at it via ptrace(). In the former case env_end will be non-zero already and I don't know if the latter case is actually possible, i.e. if one can already attach to a process this early. If one can, then yes, that place needs to be modified, too.

Thanks,
Mathias
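The path the two messages argue about is the setproctitle(3) fallback in get_cmdline(): the arg_end guard is taken first, and only when the nul at the end of the argv area has been overwritten does the code go on to read the env_start..env_end range. The following is an added user-space model of that control flow written for this page; it is not the kernel's code and not part of the thread. struct fake_mm, fake_mem[], fake_access_process_vm() and the scenario helpers are assumptions standing in for mm_struct, the task's stack and access_process_vm(); the argv and envp bytes are constructed, and the "env_end still 0 while arg_end is set" state models the window between exec setting the two fields. The check_env flag selects whether the env_end test suggested in the thread is applied.

```c
/* Added example: user-space model of the control flow in get_cmdline()
 * (mm/util.c). Not kernel code. struct fake_mm, fake_mem[] and
 * fake_access_process_vm() are assumed stand-ins for mm_struct, the task
 * stack and access_process_vm(); all data below is constructed. */
#include <stdio.h>
#include <string.h>

struct fake_mm {
    unsigned long arg_start, arg_end, env_start, env_end; /* 0 = not yet set by exec */
};

/* Constructed "process memory": argv strings followed by envp strings,
 * addressed by the offsets in struct fake_mm. */
static unsigned char fake_mem[64];
static int last_touched_env; /* set when the model dereferenced env_start/env_end */

static int fake_access_process_vm(unsigned long addr, char *buf, unsigned int len)
{
    if (addr + len > sizeof fake_mem)
        return 0;
    memcpy(buf, fake_mem + addr, len);
    return (int)len;
}

/* strnlen() stand-in, kept local so the model has no platform dependencies */
static unsigned int bounded_len(const char *s, unsigned int max)
{
    unsigned int n = 0;
    while (n < max && s[n])
        n++;
    return n;
}

/* Model of get_cmdline(). check_env == 0: only arg_end is tested, as in the
 * code under discussion. check_env == 1: env_end is tested as well. */
static int model_get_cmdline(const struct fake_mm *mm, char *buffer,
                             unsigned int buflen, int check_env)
{
    int res = 0;
    unsigned int len;

    last_touched_env = 0;
    if (!mm->arg_end)
        return 0;                 /* existing guard: exec has not set arg_end yet */

    len = mm->arg_end - mm->arg_start;
    if (len > buflen)
        len = buflen;
    res = fake_access_process_vm(mm->arg_start, buffer, len);

    /* nul at the end of args overwritten: assume setproctitle(3) and
     * continue into the environment area */
    if (res > 0 && buffer[res - 1] != '\0' && len < buflen) {
        len = bounded_len(buffer, res);
        if (len < (unsigned int)res) {
            res = len;
        } else {
            if (check_env && !mm->env_end)
                return res;       /* hardened: env range not published yet */
            last_touched_env = 1;
            len = mm->env_end - mm->env_start;  /* wraps to a huge value when env_end == 0 */
            if (len > buflen - res)
                len = buflen - res;
            res += fake_access_process_vm(mm->env_start, buffer + res, len);
            res = bounded_len(buffer, res);
        }
    }
    return res;
}

/* Scenario: argv_overwritten leaves no nul inside the 10-byte arg range (what
 * a setproctitle(3) user leaves behind); env_published models whether exec
 * has already set env_end (assumed: env_start is set together with arg_end,
 * env_end later). Returns the byte count the model reports. */
static int run_scenario(int argv_overwritten, int env_published, int check_env)
{
    struct fake_mm mm = { 0, 10, 10, env_published ? 17UL : 0UL };
    char buffer[64];

    memset(fake_mem, 0, sizeof fake_mem);
    memcpy(fake_mem, argv_overwritten ? "0123456789" : "prog\0arg1\0", 10);
    memcpy(fake_mem + 10, "HOME=/", 7);           /* envp area, 7 bytes incl. nul */
    return model_get_cmdline(&mm, buffer, sizeof buffer, check_env);
}

static int scenario_touches_env(int argv_overwritten, int env_published, int check_env)
{
    run_scenario(argv_overwritten, env_published, check_env);
    return last_touched_env;
}

int main(void)
{
    printf("argv intact, env published:          %d bytes\n", run_scenario(0, 1, 0));
    printf("setproctitle, env published:         %d bytes\n", run_scenario(1, 1, 0));
    printf("setproctitle, env_end==0, unchecked: %d bytes, env read=%d\n",
           run_scenario(1, 0, 0), scenario_touches_env(1, 0, 0));
    printf("setproctitle, env_end==0, checked:   %d bytes, env read=%d\n",
           run_scenario(1, 0, 1), scenario_touches_env(1, 0, 1));
    return 0;
}
```

The model makes the point of the exchange concrete: with argv untouched the env range is never dereferenced, so the arg_end guard alone suffices, which is why the reply argues the extra check only matters if argv can be modified (by the task itself, or via ptrace()) before env_end is set. In the unchecked mid-exec scenario the unsigned subtraction env_end - env_start wraps and the read is bounded only by the caller's buffer size, which is what the added env_end test prevents.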