Re: useless kernel.maps_protect and more
- From: Kees Cook <kees@xxxxxxxxxxx>
- Date: Wed, 16 Jul 2008 07:20:22 -0700
Hi,
On Wed, Jul 16, 2008 at 06:11:35AM +0400, Alexey Dobriyan wrote:
commit 5096add84b9e96e2e0a9c72675c442fe5433388a
"proc: maps protection"
commit 831830b5a2b5d413407adf380ef62fe17d6fcbf2
"restrict reading from /proc/<pid>/maps to those who share ->mm or can ptrace pid"
After Al added mm_for_maps(), maps_protect stopped controlling anything,
because they're run at ->show time, but mm_for_maps() checks are done at
->start time.
Unless anyone objects, I'll remove maps_protect.
As long as this provides the same protections as maps_protect, I'm fine
with it. I am a bit confused, though, since the reason I had to create
the sysctl entry in the first place was because akpm objected to the
maps file disappearing without a tunable. Has this objection gone away?
Also, logic behind second commit applies to /proc/*/pagemap , don't you
think?
If that file shows memory location, yes. What about the numa maps that
the first commit protects?
Thanks,
-Kees
--
Kees Cook @outflux.net
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
- References:
- useless kernel.maps_protect and more
- From: Alexey Dobriyan
- useless kernel.maps_protect and more
- Prev by Date: Re: [build fix] Re: [GIT PATCH] SCSI part 1
- Next by Date: Re: RAID-1 performance under 2.4 and 2.6
- Previous by thread: useless kernel.maps_protect and more
- Next by thread: [BUG] i2c - "tried to init an initialized object"
- Index(es):
Relevant Pages
|
