• Eric W. Biederman's avatar
    ptrace: Don't allow accessing an undumpable mm · 84d77d3f
    Eric W. Biederman authored
    It is the reasonable expectation that if an executable file is not
    readable there will be no way for a user without special privileges to
    read the file.  This is enforced in ptrace_attach but if ptrace
    is already attached before exec there is no enforcement for read-only
    executables.
    
    As the only way to read such an mm is through access_process_vm
    spin a variant called ptrace_access_vm that will fail if the
    target process is not being ptraced by the current process, or
    the current process did not have sufficient privileges when ptracing
    began to read the target processes mm.
    
    In the ptrace implementations replace access_process_vm by
    ptrace_access_vm.  There remain several ptrace sites that still use
    access_process_vm as they are reading the target executables
    instructions (for kernel consumption) or register stacks.  As such it
    does not appear necessary to add a permission check to those calls.
    
    This bug has always existed in Linux.
    
    Fixes: v1.0
    Cc: stable@vger.kernel.org
    Reported-by: default avatarAndy Lutomirski <luto@amacapital.net>
    Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
    84d77d3f
ptrace.c 9.99 KB