Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp766026imm; Sat, 26 May 2018 10:31:47 -0700 (PDT) X-Google-Smtp-Source: AB8JxZr5K5hO53duVdoAWIMcf7fNroIG4fqbJnRieCyUOmhHiqEwXU9DnqpwOlIZP1ywaBkbuzvZ X-Received: by 2002:a17:902:8602:: with SMTP id f2-v6mr7200538plo.5.1527355907503; Sat, 26 May 2018 10:31:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527355907; cv=none; d=google.com; s=arc-20160816; b=cl/XGHYO9EZGrdExESyVBDV32oStwJwLHvcNTtrszEiamzWXQ44CKHNE+2/b1YMrWn UREotmgPPROPOnqYOP+roLVK3MzMD6/xMys9RxMrCGh59bNvmNLzWMw/KKFjGA754Wgw onyojjniXmeL2qao5GWG3+ZAijJTLykJf1amCvSyOoJiSIvbi+FaevufhAvrI6HTzRJD JhcmdbNwwLYuam/zKjdVElWmKhNNiK4bFrtsS5wg56cAt5EtwUBc2cmKabu8YN7OhZTV R0SR9D0xW9duJ7sgjtTlcAD4sVoBm8LNgtRc9jpvWpTGIiwLwtlbgELA/w0rNCe5lbjG KqxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=FlzHD8UHKWXtuGSYLcvBEDRD49X1sr+ZujShynXB2yc=; b=UQurTc17gs/GCOBN6s5n/qjTV5lrh6H6tM8P99ydK+XTO83ligcsF7QYtO8Sxb5h6e SvSHNNO/tLbX8HxKslWbPelixy4pc+QW+5MvF/7r/HuN6YyuHl5DVH2pyi0h5Is0ugsF Q0QEE1wZmFyGYFjvIzhfwtc65zgNRyyxfmD97wf/VCVsDQFEttcmzkSpLBuGAhupII8a mJVqUzENYevIN5k68KE1m/8YFfujFBVty60pJDWjwZoWyYtkWfei+FsISUYCswmTA+DT 6K1CixTC3bCGbp49dMOUQ8N1AcbzvYrig0s89HySBKQ7gyphl0dSWQ7f1yiAxWf8MRWq otQg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=kF+6+6I1; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t14-v6si20365883pgn.521.2018.05.26.10.31.20; Sat, 26 May 2018 10:31:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=kF+6+6I1; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1032231AbeEZRbK (ORCPT + 99 others); Sat, 26 May 2018 13:31:10 -0400 Received: from mail-ua0-f195.google.com ([209.85.217.195]:45103 "EHLO mail-ua0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1032007AbeEZRbI (ORCPT ); Sat, 26 May 2018 13:31:08 -0400 Received: by mail-ua0-f195.google.com with SMTP id j5-v6so5450157uak.12; Sat, 26 May 2018 10:31:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=FlzHD8UHKWXtuGSYLcvBEDRD49X1sr+ZujShynXB2yc=; b=kF+6+6I1HFvF4MQ52zvpWj5u/TSp2ZBhQzo3TBFT3x0QS+Lt9D6IKrkuOtYwQS5Zy/ Qx/voEtvW+qzDheoZ03Z0o6PffdWoQ9eob/hNnbdt86uj5OunWLb/U71S23SZ9h9J6Ka d9aupOdu05SAh40NNKVv95EcFNs1mgrSFrB12nZJ+LK7HKLaumDOY7q2L9I2LfnVuOwT Qyz0nhDDelcjCtZHGTwTrqG7EMRkAr+9Fj0nOwpuspILg6UqqE0PNQwBNulITfPo+kTk Y0seLyJr3aiyt5QnQ4OWuqgV5/ynGJ1QhcfAHg9ChRgQFAoJi055I34aomJIV8u/ZVDG fsZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=FlzHD8UHKWXtuGSYLcvBEDRD49X1sr+ZujShynXB2yc=; b=qBA4HUpyhova8mhH9Qu744+rgDEYi/CYMrfnDSJ61PJwqiiiZWg8qX12SNxSg7Ss1Y 9LT6rCdz6+sE7a/GMrogDnpftiQSr4W3SFbCm7S9dYtGHTZVwx1XlCIQX25SJ+JvXYFR mpFZD9+ubjdng6CygcF7872tSp47BGhDWNqkU1R8GI2A09qmMEB1Zw/DAqhireay/+uH 3k2SYCQk/JFZG/6Jd98OkQzMH74KbI/hFgbvoPqu6a/5HkwT5t0nemH84VKxMErPL7m0 ULShjI04pAwy1vqUc5R+l3Op3DMU1F81XfDdYqbQXk0t6nUYKpMdjCRCA8a0qYVESwnz TJVQ== X-Gm-Message-State: ALKqPwe76lB9LIk062i99s0ObOUW5j9/dxWJSbDP9c2aIuTCi5wiQKMA fGPoN0iS/Hi49FZG011YuKqvuDyRbEHiJbUOTqc= X-Received: by 2002:ab0:51c7:: with SMTP id h7-v6mr4496427uaa.77.1527355867894; Sat, 26 May 2018 10:31:07 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a67:381:0:0:0:0:0 with HTTP; Sat, 26 May 2018 10:30:47 -0700 (PDT) In-Reply-To: <20180526154819.GA14016@avx2> References: <1527346246-1334-1-git-send-email-s.mesoraca16@gmail.com> <20180526154819.GA14016@avx2> From: Salvatore Mesoraca Date: Sat, 26 May 2018 19:30:47 +0200 Message-ID: Subject: Re: [PATCH] proc: prevent a task from writing on its own /proc/*/mem To: Alexey Dobriyan Cc: Kernel Hardening , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Andrew Morton , Akinobu Mita , Dmitry Vyukov , Arnd Bergmann , Davidlohr Bueso , Kees Cook Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 2018-05-26 17:48 GMT+02:00 Alexey Dobriyan : > On Sat, May 26, 2018 at 04:50:46PM +0200, Salvatore Mesoraca wrote: >> Prevent a task from opening, in "write" mode, any /proc/*/mem >> file that operates on the task's mm. >> /proc/*/mem is mainly a debugging means and, as such, it shouldn't >> be used by the inspected process itself. >> Current implementation always allow a task to access its own >> /proc/*/mem file. >> A process can use it to overwrite read-only memory, making >> pointless the use of security_file_mprotect() or other ways to >> enforce RO memory. > > You can do it in security_ptrace_access_check() No, because that hook is skipped when mm == current->mm: https://elixir.bootlin.com/linux/v4.17-rc6/source/kernel/fork.c#L1111 > or security_file_open() This is true, but it looks a bit overkill to me, especially since many of the macros/functions used to handle proc's files won't be in scope for an external LSM. Is there any particular reason why you prefer it done via LSM? Thank you, Salvatore