On Wed, 21 Feb 2018 22:23:39 +0300 Alexey Dobriyan <[email protected]> wrote:
> /proc/*/cmdline is not different from /proc/*/environ as it accesses > target task's memory (and can access the very same region of memory) > but it doesn't go through ptrace_may_access() and thus doesn't go through LSM. > I'd really like to see more thoughtful changelogging, please. Why are we doing this? What is the advantage? Doesn't this mean that code which could previously read /proc/pid/cmdline may no longer be able to do so? Can't this break userspace? Discuss. Lots!
