Since /proc entries varies at runtime, permission checks need to
happen during each system call.
However even with that /proc file descriptors can be passed to a more
privileged process (e.g. a suid-exec) which will pass the classic
ptrace_may_access() permission check. The open() call will be
Since /proc entries varies at runtime, permission checks need to
happen during each system call.
However even with that /proc file descriptors can be passed to a more
privileged process (e.g. a suid-exec) which will pass the classic
ptrace_may_access() permission check. The open() call will be
2 matches
Mail list logo
