On Wed, Oct 3, 2012 at 11:02 AM, David Rientjes wrote:
> On Wed, 3 Oct 2012, Kees Cook wrote:
>
>> > So root does echo 0 > /proc/sys/kernel/kptr_restrict first. Again: what
>> > are you trying to protect?
>>
>> Only CAP_SYS_ADMIN can change the setting. This is, for example, for
>> containers,
On Wed, 3 Oct 2012, Kees Cook wrote:
> > So root does echo 0 > /proc/sys/kernel/kptr_restrict first. Again: what
> > are you trying to protect?
>
> Only CAP_SYS_ADMIN can change the setting. This is, for example, for
> containers, or other situations where a uid 0 process lacking
>
On Tue, Oct 2, 2012 at 10:37 PM, David Rientjes wrote:
> On Tue, 2 Oct 2012, Kees Cook wrote:
>
>> >> In the paranoid case of sysctl kernel.kptr_restrict=2, mask the kernel
>> >> virtual addresses in /proc/vmallocinfo too.
>> >>
>> >> Reported-by: Brad Spengler
>> >> Signed-off-by: Kees Cook
>>
On Tue, Oct 2, 2012 at 10:37 PM, David Rientjes rient...@google.com wrote:
On Tue, 2 Oct 2012, Kees Cook wrote:
In the paranoid case of sysctl kernel.kptr_restrict=2, mask the kernel
virtual addresses in /proc/vmallocinfo too.
Reported-by: Brad Spengler spen...@grsecurity.net
On Wed, 3 Oct 2012, Kees Cook wrote:
So root does echo 0 > /proc/sys/kernel/kptr_restrict first. Again: what
are you trying to protect?
Only CAP_SYS_ADMIN can change the setting. This is, for example, for
containers, or other situations where a uid 0 process lacking
CAP_SYS_ADMIN cannot
On Wed, Oct 3, 2012 at 11:02 AM, David Rientjes rient...@google.com wrote:
On Wed, 3 Oct 2012, Kees Cook wrote:
So root does echo 0 > /proc/sys/kernel/kptr_restrict first. Again: what
are you trying to protect?
Only CAP_SYS_ADMIN can change the setting. This is, for example, for
On Tue, 2 Oct 2012, Kees Cook wrote:
> >> In the paranoid case of sysctl kernel.kptr_restrict=2, mask the kernel
> >> virtual addresses in /proc/vmallocinfo too.
> >>
> >> Reported-by: Brad Spengler
> >> Signed-off-by: Kees Cook
> >
> > /proc/vmallocinfo is S_IRUSR, not S_IRUGO, so exactly what
On Tue, Oct 2, 2012 at 10:12 PM, David Rientjes wrote:
> On Tue, 2 Oct 2012, Kees Cook wrote:
>
>> In the paranoid case of sysctl kernel.kptr_restrict=2, mask the kernel
>> virtual addresses in /proc/vmallocinfo too.
>>
>> Reported-by: Brad Spengler
>> Signed-off-by: Kees Cook
>
>
On Tue, 2 Oct 2012, Kees Cook wrote:
> In the paranoid case of sysctl kernel.kptr_restrict=2, mask the kernel
> virtual addresses in /proc/vmallocinfo too.
>
> Reported-by: Brad Spengler
> Signed-off-by: Kees Cook
/proc/vmallocinfo is S_IRUSR, not S_IRUGO, so exactly what are you trying
to
On Tue, Oct 2, 2012 at 7:49 PM, Kees Cook wrote:
> In the paranoid case of sysctl kernel.kptr_restrict=2, mask the kernel
> virtual addresses in /proc/vmallocinfo too.
>
> Reported-by: Brad Spengler
> Signed-off-by: Kees Cook
> ---
> mm/vmalloc.c |2 +-
> 1 file changed, 1 insertion(+), 1
On Tue, Oct 2, 2012 at 7:49 PM, Kees Cook keesc...@chromium.org wrote:
In the paranoid case of sysctl kernel.kptr_restrict=2, mask the kernel
virtual addresses in /proc/vmallocinfo too.
Reported-by: Brad Spengler spen...@grsecurity.net
Signed-off-by: Kees Cook keesc...@chromium.org
---
On Tue, 2 Oct 2012, Kees Cook wrote:
In the paranoid case of sysctl kernel.kptr_restrict=2, mask the kernel
virtual addresses in /proc/vmallocinfo too.
Reported-by: Brad Spengler spen...@grsecurity.net
Signed-off-by: Kees Cook keesc...@chromium.org
/proc/vmallocinfo is S_IRUSR, not
On Tue, Oct 2, 2012 at 10:12 PM, David Rientjes rient...@google.com wrote:
On Tue, 2 Oct 2012, Kees Cook wrote:
In the paranoid case of sysctl kernel.kptr_restrict=2, mask the kernel
virtual addresses in /proc/vmallocinfo too.
Reported-by: Brad Spengler spen...@grsecurity.net
Signed-off-by:
On Tue, 2 Oct 2012, Kees Cook wrote:
In the paranoid case of sysctl kernel.kptr_restrict=2, mask the kernel
virtual addresses in /proc/vmallocinfo too.
Reported-by: Brad Spengler spen...@grsecurity.net
Signed-off-by: Kees Cook keesc...@chromium.org
/proc/vmallocinfo is S_IRUSR, not
14 matches