After commit
831830b5a2b5d413407adf380ef62fe17d6fcbf2 aka
"restrict reading from /proc/<pid>/maps to those who share ->mm or can ptrace"
sysctl stopped being relevant because commit moved security checks from ->show
time to ->start time (mm_for_maps()).
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Acked-by: Kees Cook <kees.cook@canonical.com>
Because the NMI watchdog shares registers with oprofile, by disabling the NMI
watchdog, oprofile may have more registers to utilize.
Because the NMI watchdog shares registers with oprofile, by disabling the NMI
watchdog, oprofile may have more registers to utilize.
-maps_protect
-------------
-
-Enables/Disables the protection of the per-process proc entries "maps" and
-"smaps". When enabled, the contents of these files are visible only to
-readers that are allowed to ptrace() the given process.
-
-int maps_protect;
-EXPORT_SYMBOL(maps_protect);
-
static struct fs_struct *get_fs_struct(struct task_struct *task)
{
struct fs_struct *fs;
static struct fs_struct *get_fs_struct(struct task_struct *task)
{
struct fs_struct *fs;
extern int nommu_vma_show(struct seq_file *, struct vm_area_struct *);
#endif
extern int nommu_vma_show(struct seq_file *, struct vm_area_struct *);
#endif
-extern int maps_protect;
-
extern int proc_tid_stat(struct seq_file *m, struct pid_namespace *ns,
struct pid *pid, struct task_struct *task);
extern int proc_tgid_stat(struct seq_file *m, struct pid_namespace *ns,
extern int proc_tid_stat(struct seq_file *m, struct pid_namespace *ns,
struct pid *pid, struct task_struct *task);
extern int proc_tgid_stat(struct seq_file *m, struct pid_namespace *ns,
- if (maps_protect && !ptrace_may_access(task, PTRACE_MODE_READ))
- return -EACCES;
-
if (file) {
struct inode *inode = vma->vm_file->f_path.dentry->d_inode;
dev = inode->i_sb->s_dev;
if (file) {
struct inode *inode = vma->vm_file->f_path.dentry->d_inode;
dev = inode->i_sb->s_dev;
#ifdef CONFIG_NUMA
extern int show_numa_map(struct seq_file *m, void *v);
#ifdef CONFIG_NUMA
extern int show_numa_map(struct seq_file *m, void *v);
-static int show_numa_map_checked(struct seq_file *m, void *v)
-{
- struct proc_maps_private *priv = m->private;
- struct task_struct *task = priv->task;
-
- if (maps_protect && !ptrace_may_access(task, PTRACE_MODE_READ))
- return -EACCES;
-
- return show_numa_map(m, v);
-}
-
static const struct seq_operations proc_pid_numa_maps_op = {
.start = m_start,
.next = m_next,
.stop = m_stop,
static const struct seq_operations proc_pid_numa_maps_op = {
.start = m_start,
.next = m_next,
.stop = m_stop,
- .show = show_numa_map_checked
};
static int numa_maps_open(struct inode *inode, struct file *file)
};
static int numa_maps_open(struct inode *inode, struct file *file)
static int show_map(struct seq_file *m, void *_vml)
{
struct vm_list_struct *vml = _vml;
static int show_map(struct seq_file *m, void *_vml)
{
struct vm_list_struct *vml = _vml;
- struct proc_maps_private *priv = m->private;
- struct task_struct *task = priv->task;
-
- if (maps_protect && !ptrace_may_access(task, PTRACE_MODE_READ))
- return -EACCES;
return nommu_vma_show(m, vml->vma);
}
return nommu_vma_show(m, vml->vma);
}
extern int sysctl_drop_caches;
extern int percpu_pagelist_fraction;
extern int compat_log;
extern int sysctl_drop_caches;
extern int percpu_pagelist_fraction;
extern int compat_log;
-extern int maps_protect;
extern int latencytop_enabled;
extern int sysctl_nr_open_min, sysctl_nr_open_max;
#ifdef CONFIG_RCU_TORTURE_TEST
extern int latencytop_enabled;
extern int sysctl_nr_open_min, sysctl_nr_open_max;
#ifdef CONFIG_RCU_TORTURE_TEST
.mode = 0644,
.proc_handler = &proc_dointvec,
},
.mode = 0644,
.proc_handler = &proc_dointvec,
},
-#endif
-#ifdef CONFIG_PROC_FS
- {
- .ctl_name = CTL_UNNUMBERED,
- .procname = "maps_protect",
- .data = &maps_protect,
- .maxlen = sizeof(int),
- .mode = 0644,
- .proc_handler = &proc_dointvec,
- },
#endif
{
.ctl_name = CTL_UNNUMBERED,
#endif
{
.ctl_name = CTL_UNNUMBERED,
projects / firefly-linux-kernel-4.4.55.git / commitdiff