On Tue, Mar 06, 2018 at 08:42:19PM +0300, Alexey Dobriyan wrote:
> On Mon, Mar 05, 2018 at 05:02:08PM -0800, Kees Cook wrote:
> > On Mon, Mar 5, 2018 at 4:07 PM, <a...@linux-foundation.org> wrote:
> >
> > > It is more natural to check for read-from-memory permissions in case of
> > > process_vm_readv() as PTRACE_MODE_ATTACH is equivalent to write
> > > permissions.
> >
> > NAK, this weakens the existing permission model for reading
>
> What if existing permission model is overzealous?
>
> /proc/*/auxv, /proc/*/environ, /proc/*/cmdline, /proc/*/mem opened
> for reading and process_vm_readv(2) should do PTRACE_MODE_READ and
> everything else should do PTRACE_MODE_ATTACH.

Or in other words: what if there should be 3 levels:

1) permission to write to address space
2) permission to read arbitrarily from address space
3) permission to read auxv, argv and envp

Current code conflates (1) and (2).