[REVIEW][PATCH 2/3] ptrace: Don't allow accessing an undumpable mm

Kees Cook keescook at chromium.org
Thu Nov 17 23:17:27 UTC 2016


On Thu, Nov 17, 2016 at 2:50 PM, Eric W. Biederman
<ebiederm at xmission.com> wrote:
>
> It is the reasonable expectation that if an executable file is not
> readable there will be no way for a user without special privileges to
> read the file.  This is enforced in ptrace_attach but if ptrace
> is already attached before exec there is no enforcement for read-only
> executables.

Given the corner cases being fixed here, it might make sense to add
some simple tests to tools/testing/selftests/ptrace/ to validate these
changes and avoid future regressions.

Regardless, it'll be nice to have this fixed. :)

-Kees

-- 
Kees Cook
Nexus Security