Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp368831pxb; Wed, 20 Jan 2021 08:54:46 -0800 (PST) X-Google-Smtp-Source: ABdhPJyiymLHJl9rkNaoszVvQaejyOtePaAddqQqduC9OsY2s2ww7Xc3ra04qmtpH///54VIinFV X-Received: by 2002:a05:6402:32c:: with SMTP id q12mr1503806edw.145.1611161686731; Wed, 20 Jan 2021 08:54:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611161686; cv=none; d=google.com; s=arc-20160816; b=xIo77Pwdryy0uxDWoCazsf0zNq94zUqDjDBdPlI9nF2HiCtQ97+92GAxcWR0NvqhBt usgAeZE2hTP1FQxCNRcPyJu3IPUduS5/MeZRqIsgv6RM7y1nkYbjmmbRbWLt9oryr1FD WQcKePD5by+JOpX4L0gjIdryTOWqQTYCI0c5JTK28pBQfUqcpb4bpzios9gJf02KUYSR gvyj6XQimpbjlaoh806lDTij5GEhqt2grnHnYUcRlEfzI+eVlXXsirMK0/L+Gn0J4qEG OF8Q+R3VaPszc+WsNej/WMPORwSz+iMWFockxEkL0HHY9R3lKJ1bRVvJCXmdnEhJ1Kgg kC5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=DUDg6TphmanEAstHgN26xAlXogE8/4FgyIPvwhmL7gs=; b=fz/73HoWZMGqxUhccP4ziX41/eC8NbcBrg2CP8AUjemE9NY6rcQkYtTQpQj0pvbnN4 qXilhOVvZmNOmZGh5ZS5UxEwOpAq2mzCjrzCgVCfRKEjt4g53HDggRGhAdCF5bOBBykm w8T8j5wJbTx9lOIQnCy9f0qEx4st6IqI9NPMoTqNmJdyTWLe0szP/BwdJXEU7alBT27W WZIuXwWuMvS5xdXPaiiYUtkPYzAWanBbyYrm96RbGYbaTAulSJkuOz/GvP8f0a/rp5OY h6IWPuT+zDJIlGVgqsRt/J3lOLT7ENbkk+BbklzSy5vNIZyoFKQmNDdXip1KsCQ2Eagx PC6g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=pghiOVPT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bd17si1061882edb.553.2021.01.20.08.54.22; Wed, 20 Jan 2021 08:54:46 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=pghiOVPT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388005AbhATQul (ORCPT + 99 others); Wed, 20 Jan 2021 11:50:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55054 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2403985AbhATQuA (ORCPT ); Wed, 20 Jan 2021 11:50:00 -0500 Received: from mail-wm1-x332.google.com (mail-wm1-x332.google.com [IPv6:2a00:1450:4864:20::332]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BCF71C0613CF for ; Wed, 20 Jan 2021 08:49:19 -0800 (PST) Received: by mail-wm1-x332.google.com with SMTP id c127so3419612wmf.5 for ; Wed, 20 Jan 2021 08:49:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=DUDg6TphmanEAstHgN26xAlXogE8/4FgyIPvwhmL7gs=; b=pghiOVPTDppHJ45SSMy2+CHFk9YLriSho7mdmM71ABsaxcBoFv3ja6EEAbJkf5fut1 moGYip9Q1qdPy8y4PyQmDoI8F3NhweKRHJyYT6RVMgzcirgaWmSM2g7Hs1eCsPvVeqAQ Q9Tap+PfCVJTLJbmIpzQsMDcH4Pgt/9Wg0ut+dezxUd9sU7NI39nu5yftOWPfdjqtC5o f8/TLGh5A3BMY9NwmgGHwE0aiRnk3zEm2KI4zvQhwSbTeZrQvRDJIpVhtw+/fplBTQCo lSpsQygOwAoS1thaJoWKph0ap8WwR3uWeNh6HyM4d1PFoC0cpEZpkxM70rPlvlgCBYPK oAUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=DUDg6TphmanEAstHgN26xAlXogE8/4FgyIPvwhmL7gs=; b=ozLqfDN3UYAlRobc2nHFCpz71y4Mu3foIkzC9WQcf3/h2vyaU6qEiyR7jvQKgPPB9k BUIgsDsk4lWpBfTLLreWB6X3LfKwhOhguFYRlL37gOwNVmcWyCYUBbciQKitC5/fIOmt cTWhJJWBx98mYwbgebse/foTELTRaBpG7ejUJCw4MkGkfiYkRFNmdfFvD8rVcdZx9BRH DB52QZyHGEptpSacgfca1VctB7SNfC/3LwX+NM+dPkY8DWEm5HMhGdqYosRaMDAuHZzD aNuUqrNzY0PBYf+2k7pNJDdcG6eWHDhya7UVAWAn03tcZvAkfPXgE0RHV8fbJ5bfQGBZ Tu0w== X-Gm-Message-State: AOAM530aujVf76MqH1XdH7UmgB4RhVgYMSWICibesKQpQ8804AE4sFdZ 72Th5s7QOR8b9d747fctSZ7NAuspizWqmPww8ZBFVg== X-Received: by 2002:a05:600c:4e92:: with SMTP id f18mr5148677wmq.126.1611161358342; Wed, 20 Jan 2021 08:49:18 -0800 (PST) MIME-Version: 1.0 References: <20210111170622.2613577-1-surenb@google.com> In-Reply-To: From: Suren Baghdasaryan Date: Wed, 20 Jan 2021 08:49:07 -0800 Message-ID: Subject: Re: [PATCH v2 1/1] mm/madvise: replace ptrace attach requirement for process_madvise To: James Morris Cc: Andrew Morton , Jann Horn , Kees Cook , Jeffrey Vander Stoep , Minchan Kim , Michal Hocko , Shakeel Butt , David Rientjes , =?UTF-8?Q?Edgar_Arriaga_Garc=C3=ADa?= , Tim Murray , linux-mm , selinux@vger.kernel.org, Linux API , LKML , kernel-team , linux-security-module@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 19, 2021 at 9:02 PM James Morris wrote: > > On Mon, 11 Jan 2021, Suren Baghdasaryan wrote: > > > Replace PTRACE_MODE_ATTACH with a combination of PTRACE_MODE_READ > > and CAP_SYS_NICE. PTRACE_MODE_READ to prevent leaking ASLR metadata > > and CAP_SYS_NICE for influencing process performance. > > > Almost missed these -- please cc the LSM mailing list when modifying > capabilities or other LSM-related things. Thanks for the note. Will definitely include it when sending the next version. > > -- > James Morris > > > -- > To unsubscribe from this group and stop receiving emails from it, send an email to kernel-team+unsubscribe@android.com. >