On Sun, Jun 26, 2011 at 12:55:33AM +0200, Jean-Yves Migeon wrote: > > Don't give out information about processes we can't control. > > Thanks to Aleksey and you for fixing the procfs leak. > > I wonder whether pmap's code is the right place to check for > "information" access control. It's difficult to modify except by > patching the source, does not protect from abusing/finding exploits to > circumvent the check (any executable that has kmem sgid rights is a > target), and there are other potential tools usable out there (lsof(1), > maybe?).
It used to e.g. give out the pathnames of all the files everyone on the system has open, which is definitely not desirable. I remember I had concerns about it when it first appeared, and I remember contacting someone about it, but I don't remember who and neither they nor I followed up at the time. :-/ -- David A. Holland [email protected]
