aha/fs/proc
Jake Edge f83ce3e6b0 proc: avoid information leaks to non-privileged processes
By using the same test as is used for /proc/pid/maps and /proc/pid/smaps,
only allow processes that can ptrace() a given process to see information
that might be used to bypass address space layout randomization (ASLR).
These include eip, esp, wchan, and start_stack in /proc/pid/stat as well
as the non-symbolic output from /proc/pid/wchan.

ASLR can be bypassed by sampling eip as shown by the proof-of-concept
code at http://code.google.com/p/fuzzyaslr/ As part of a presentation
(http://www.cr0.org/paper/to-jt-linux-alsr-leak.pdf) esp and wchan were
also noted as possibly usable information leaks as well.  The
start_stack address also leaks potentially useful information.

Cc: Stable Team <stable@kernel.org>
Signed-off-by: Jake Edge <jake@lwn.net>
Acked-by: Arjan van de Ven <arjan@linux.intel.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-05-04 15:14:23 -07:00
..
array.c proc: avoid information leaks to non-privileged processes 2009-05-04 15:14:23 -07:00
base.c proc: avoid information leaks to non-privileged processes 2009-05-04 15:14:23 -07:00
cmdline.c proc: switch /proc/cmdline to seq_file 2008-10-23 14:29:04 +04:00
cpuinfo.c proc: move /proc/cpuinfo code to fs/proc/cpuinfo.c 2008-10-23 15:05:11 +04:00
devices.c proc: move /proc/devices code to fs/proc/devices.c 2008-10-23 15:02:18 +04:00
generic.c proc 1/2: do PDE usecounting even for ->read_proc, ->write_proc 2009-03-31 01:14:27 +04:00
inode.c proc 2/2: remove struct proc_dir_entry::owner 2009-03-31 01:14:44 +04:00
internal.h proc 1/2: do PDE usecounting even for ->read_proc, ->write_proc 2009-03-31 01:14:27 +04:00
interrupts.c proc: move /proc/interrupts boilerplate code to fs/proc/interrupts.c 2008-10-23 15:15:46 +04:00
Kconfig proc: move PROC_PAGE_MONITOR to fs/proc/Kconfig 2008-10-10 04:18:57 +04:00
kcore.c proc: move all /proc/kcore stuff to fs/proc/kcore.c 2008-10-23 18:32:38 +04:00
kmsg.c proc: move /proc/kmsg creation to fs/proc/kmsg.c 2008-10-23 14:35:08 +04:00
loadavg.c proc: switch /proc/loadavg to seq_file 2008-10-23 13:45:28 +04:00
Makefile proc: remove fs/proc/proc_misc.c 2008-10-23 18:54:05 +04:00
meminfo.c mm: fix Committed_AS underflow on large NR_CPUS environment 2009-05-02 15:36:10 -07:00
mmu.c
nommu.c trivial: fix typo "kernal" -> "kernel" 2009-03-30 15:21:57 +02:00
page.c proc: fix kflags to uflags copying in /proc/kpageflags 2009-03-11 07:43:33 -07:00
proc_devtree.c powerpc: Remove `have_of' global variable 2008-12-16 15:52:57 +11:00
proc_net.c proc: stop using BKL 2009-01-05 12:27:44 +03:00
proc_sysctl.c constify dentry_operations: procfs 2009-03-27 14:44:01 -04:00
proc_tty.c proc tty: remove struct tty_operations::read_proc 2009-04-01 08:59:10 -07:00
root.c vfs: simple_set_mnt() should return void 2009-03-27 14:44:03 -04:00
stat.c [S390] /proc/stat idle field for idle cpus 2009-04-23 13:58:17 +02:00
task_mmu.c pagemap: require aligned-length, non-null reads of /proc/pid/pagemap 2009-05-02 15:36:09 -07:00
task_nommu.c nommu: fix typo vma->pg_off to vma->vm_pgoff 2009-04-08 10:21:44 -07:00
uptime.c Revert "proc: revert /proc/uptime to ->read_proc hook" 2009-03-31 01:14:58 +04:00
version.c proc: switch /proc/version to seq_file 2008-10-23 14:19:58 +04:00
vmcore.c vmcore: remove saved_max_pfn check 2009-01-08 08:31:14 -08:00