Date: Wed, 20 Jan 2021 16:01:13 +1100 (AEDT)
From: James Morris
To: Suren Baghdasaryan
cc: Andrew Morton, jannh@google.com, Kees Cook, jeffv@google.com, minchan@kernel.org, mhocko@suse.com, shakeelb@google.com, rientjes@google.com, edgararriaga@google.com, timmurray@google.com, linux-mm@kvack.org, selinux@vger.kernel.org, linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-team@android.com, linux-security-module@vger.kernel.org
Subject: Re: [PATCH v2 1/1] mm/madvise: replace ptrace attach requirement for process_madvise
In-Reply-To: <20210111170622.2613577-1-surenb@google.com>

On Mon, 11 Jan 2021, Suren Baghdasaryan wrote:

> Replace PTRACE_MODE_ATTACH with a combination of PTRACE_MODE_READ
> and CAP_SYS_NICE. PTRACE_MODE_READ to prevent leaking ASLR metadata
> and CAP_SYS_NICE for influencing process performance.

Almost missed these -- please cc the LSM mailing list when modifying
capabilities or other LSM-related things.

-- 
James Morris