From: Stephen Wilson
To: linux-mm@kvack.org
Cc: Andrew Morton, Alexander Viro, Rik van Riel, KOSAKI Motohiro, Roland McGrath, Matt Mackall, David Rientjes, Nick Piggin, Andrea Arcangeli, Mel Gorman, Ingo Molnar, Michel Lespinasse, Hugh Dickins, linux-kernel@vger.kernel.org
Subject: [PATCH 0/6] enable writing to /proc/pid/mem
Date: Tue, 8 Mar 2011 19:42:17 -0500
Message-Id: <1299631343-4499-1-git-send-email-wilsons@start.ca>

For a long time /proc/pid/mem has provided a read-only interface, at least since 2.4.0. However, a write capability has existed "forever" in tree via the function mem_write(), disabled with an #ifdef along with the comment "this is a security hazard".

Currently, the main problem with mem_write() is that between the time permissions are checked and the actual write the target task could exec a setuid-root binary.

This patch series enables safe writes to /proc/pid/mem. The principal strategy is to get a reference to the target task's mm before the permission check, and to hold that reference until after the write completes.

This patch is useful as it gives debuggers a simple and efficient mechanism to manipulate a process's address space. Memory can be read and written using single calls to pread(2) and pwrite(2) instead of iteratively calling into ptrace(2). In addition, /proc/pid/mem has always had write permissions enabled, so clearly it *wants* to be written to.

This series builds off previous work up for review here:

    http://lkml.org/lkml/2011/3/8/409

The general approach used was suggested to me by Alexander Viro, but any mistakes present in these patches are entirely my own.

--
steve

Stephen Wilson (6):
      mm: use mm_struct to resolve gate vma's in __get_user_pages
      mm: factor out main logic of access_process_vm
      mm: implement access_remote_vm
      proc: disable mem_write after exec
      proc: make check_mem_permission() return an mm_struct on success
      proc: enable writing to /proc/pid/mem

 fs/proc/base.c     |   61 ++++++++++++++++++++++++++-------------------
 include/linux/mm.h |    2 +
 mm/memory.c        |   69 +++++++++++++++++++++++++++++++++++++++-------------
 3 files changed, 89 insertions(+), 43 deletions(-)
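The single-call access pattern the cover letter describes, sketched from user space as an added example; it is not code from the message or from the patch series. The helper names mem_open, mem_peek and mem_poke are hypothetical, the sample strings are constructed, and it assumes a Linux kernel where /proc/pid/mem accepts writes; it targets its own process, so the kernel's permission check passes without a ptrace attach.

```c
#define _GNU_SOURCE           /* pread(2)/pwrite(2) declarations */
#define _FILE_OFFSET_BITS 64  /* virtual addresses are used as file offsets */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Open /proc/<pid>/mem read-write; the kernel decides whether we may. */
static int mem_open(pid_t pid)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/mem", (int)pid);
    return open(path, O_RDWR);
}

/* Read len bytes at the target's virtual address addr with one pread(2). */
static int mem_peek(int fd, const void *addr, void *out, size_t len)
{
    ssize_t n = pread(fd, out, len, (off_t)(uintptr_t)addr);
    return n == (ssize_t)len ? 0 : -1;
}

/* Write len bytes at the target's virtual address addr with one pwrite(2). */
static int mem_poke(int fd, void *addr, const void *in, size_t len)
{
    ssize_t n = pwrite(fd, in, len, (off_t)(uintptr_t)addr);
    return n == (ssize_t)len ? 0 : -1;
}

/* Round trip on this process's own memory; returns 0 or a negative step id. */
int selftest_proc_mem(void)
{
    char sample[32] = "original contents";    /* constructed sample data */
    const char patch[] = "patched via pwrite";
    char seen[sizeof sample];
    int rc = 0, fd = mem_open(getpid());
    if (fd < 0) return -1;
    if (mem_peek(fd, sample, seen, sizeof seen)) rc = -2;
    else if (strcmp(seen, "original contents") != 0) rc = -3;
    else if (mem_poke(fd, sample, patch, sizeof patch)) rc = -4;
    else if (strcmp(sample, patch) != 0) rc = -5;  /* check with a plain load */
    close(fd);
    return rc;
}

int main(void)
{
    return selftest_proc_mem() ? 1 : 0;
}
```

On a kernel where the write path is still compiled out, the pwrite(2) call fails and selftest_proc_mem() returns -4.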