Re: > [PATCH] Security: Handle hidepid option correctly

On Mon, Dec 17, 2018 at 12:21:40PM +0800, 程洋 wrote: > Actually I'm pretty sure kernel calls proc_mount() > Here is the call stack OK, hidepid= is still misdesigned. :-(

Re: > [PATCH] Security: Handle hidepid option correctly

Actually I'm pretty sure kernel calls proc_mount() Here is the call stack [0.003450] [] proc_mount+0x2c/0x98 [0.003459] [] mount_fs+0x164/0x190 [0.003465] [] vfs_kern_mount+0x74/0x168 [0.003469] [] kern_mount_data+0x18/0x30 [0.003474] [] pid_ns_prepare_proc+0x24/0x40 [

Re: > [PATCH] Security: Handle hidepid option correctly

On Wed, Dec 05, 2018 at 03:26:04PM +0800, 程洋 wrote: > Anyone who can review my patch? > > 程洋 于2018年11月30日周五 上午10:34写道： > > > > Here is an article illustrates the details. > > https://medium.com/@topjohnwu/from-anime-game-to-android-system-security-vulnerability-9b955a182f20 > > > > And There is

Re: > [PATCH] Security: Handle hidepid option correctly

h MS_REMOUNT flag. But kernel > > will crash if we did this. > > > > Q: Why is this considered to be security sensitive? I can guess, but I'd > > like to know your reasoning. > > A: See the article above. It's part of Android sanbox. > > > >

Re: > [PATCH] Security: Handle hidepid option correctly

h MS_REMOUNT flag. But kernel > > will crash if we did this. > > > > Q: Why is this considered to be security sensitive? I can guess, but I'd > > like to know your reasoning. > > A: See the article above. It's part of Android sanbox. > > > >

Re: > [PATCH] Security: Handle hidepid option correctly

REMOUNT flag. But kernel > will crash if we did this. > > Q: Why is this considered to be security sensitive? I can guess, but I'd > like to know your reasoning. > A: See the article above. It's part of Android sanbox. > > > > [PATCH] Security: Handle hidepid option correctly

Re: > [PATCH] Security: Handle hidepid option correctly

REMOUNT flag. But kernel > will crash if we did this. > > Q: Why is this considered to be security sensitive? I can guess, but I'd > like to know your reasoning. > A: See the article above. It's part of Android sanbox. > > > > [PATCH] Security: Handle hidepid option correctly

Re: > [PATCH] Security: Handle hidepid option correctly

will crash if we did this. > > Q: Why is this considered to be security sensitive? I can guess, but I'd > like to know your reasoning. > A: See the article above. It's part of Android sanbox. > > > > [PATCH] Security: Handle hidepid option correctly > > Why is this

Re: > [PATCH] Security: Handle hidepid option correctly

will crash if we did this. > > Q: Why is this considered to be security sensitive? I can guess, but I'd > like to know your reasoning. > A: See the article above. It's part of Android sanbox. > > > > [PATCH] Security: Handle hidepid option correctly > > Why is this

Re: > [PATCH] Security: Handle hidepid option correctly

ticle above. It's part of Android sanbox. > > > > [PATCH] Security: Handle hidepid option correctly > > Why is this considered to be security sensitive? I can guess, but I'd like > to know your reasoning. > > On Thu, 29 Nov 2018 19:08:21 +0800 mailto:d17103...@gmail.com wrot

Re: > [PATCH] Security: Handle hidepid option correctly

ticle above. It's part of Android sanbox. > > > > [PATCH] Security: Handle hidepid option correctly > > Why is this considered to be security sensitive? I can guess, but I'd like > to know your reasoning. > > On Thu, 29 Nov 2018 19:08:21 +0800 mailto:d17103...@gmail.com wrot

> [PATCH] Security: Handle hidepid option correctly

now your reasoning. A: See the article above. It's part of Android sanbox. > [PATCH] Security: Handle hidepid option correctly Why is this considered to be security sensitive? I can guess, but I'd like to know your reasoning. On Thu, 29 Nov 2018 19:08:21 +0800 mailto:d17103...@gmail.com

> [PATCH] Security: Handle hidepid option correctly

now your reasoning. A: See the article above. It's part of Android sanbox. > [PATCH] Security: Handle hidepid option correctly Why is this considered to be security sensitive? I can guess, but I'd like to know your reasoning. On Thu, 29 Nov 2018 19:08:21 +0800 mailto:d17103...@gmail.com

Re: [PATCH] Security: Handle hidepid option correctly

> [PATCH] Security: Handle hidepid option correctly Why is this considered to be security sensitive? I can guess, but I'd like to know your reasoning. On Thu, 29 Nov 2018 19:08:21 +0800 d17103...@gmail.com wrote: > From: Cheng Yang > > The proc_parse_options() call from proc_

Re: [PATCH] Security: Handle hidepid option correctly

> [PATCH] Security: Handle hidepid option correctly Why is this considered to be security sensitive? I can guess, but I'd like to know your reasoning. On Thu, 29 Nov 2018 19:08:21 +0800 d17103...@gmail.com wrote: > From: Cheng Yang > > The proc_parse_options() call from proc_

[PATCH] Security: Handle hidepid option correctly

From: Cheng Yang The proc_parse_options() call from proc_mount() runs only once at boot time. So on any later mount attempt, any mount options are ignored because ->s_root is already initialized. As a consequence, "mount -o " will ignore the options. The only way to change mount options is

[PATCH] Security: Handle hidepid option correctly

From: Cheng Yang The proc_parse_options() call from proc_mount() runs only once at boot time. So on any later mount attempt, any mount options are ignored because ->s_root is already initialized. As a consequence, "mount -o " will ignore the options. The only way to change mount options is