On Sun, Dec 15, 2013 at 10:57 AM, Djalal Harouni <[email protected]> wrote: > The following patches make /proc/*/{stack,syscall,personality,pagemap} > 0400.
Yes, please! This greatly reduces the scope of the leak problem (with 0400 the leak is possible only if an attacker can spawn the target setuid process, instead of being able to leak from an already running one). -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
