mirror of https://github.com/torvalds/linux.git
f83ce3e6b0
By using the same test as is used for /proc/pid/maps and /proc/pid/smaps, only allow processes that can ptrace() a given process to see information that might be used to bypass address space layout randomization (ASLR). These include eip, esp, wchan, and start_stack in /proc/pid/stat as well as the non-symbolic output from /proc/pid/wchan. ASLR can be bypassed by sampling eip as shown by the proof-of-concept code at http://code.google.com/p/fuzzyaslr/ As part of a presentation (http://www.cr0.org/paper/to-jt-linux-alsr-leak.pdf) esp and wchan were also noted as possibly usable information leaks as well. The start_stack address also leaks potentially useful information. Cc: Stable Team <stable@kernel.org> Signed-off-by: Jake Edge <jake@lwn.net> Acked-by: Arjan van de Ven <arjan@linux.intel.com> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| array.c | ||
| base.c | ||
| cmdline.c | ||
| cpuinfo.c | ||
| devices.c | ||
| generic.c | ||
| inode.c | ||
| internal.h | ||
| interrupts.c | ||
| kcore.c | ||
| kmsg.c | ||
| loadavg.c | ||
| meminfo.c | ||
| mmu.c | ||
| nommu.c | ||
| page.c | ||
| proc_devtree.c | ||
| proc_net.c | ||
| proc_sysctl.c | ||
| proc_tty.c | ||
| root.c | ||
| stat.c | ||
| task_mmu.c | ||
| task_nommu.c | ||
| uptime.c | ||
| version.c | ||
| vmcore.c | ||