On Sun, Dec 15, 2013 at 10:57 AM, Djalal Harouni wrote:
> The /proc/*/pagemap contain sensitive information and currently its
> mode is 0444. Change this to 0400, so the VFS will prevent unprivileged
> processes from getting file descriptors on arbitrary privileged
> /proc/*/pagemap files.
>
Look
The /proc/*/pagemap contain sensitive information and currently its
mode is 0444. Change this to 0400, so the VFS will prevent unprivileged
processes from getting file descriptors on arbitrary privileged
/proc/*/pagemap files.
Cc: Eric W. Biederman
Cc: Kees Cook
Signed-off-by: Djalal Harouni
--
2 matches
Mail list logo