A /proc/PID/mem vulnerability

Posted Jan 30, 2012 9:43 UTC (Mon) by alonz (subscriber, #815)
Parent article: A /proc/PID/mem vulnerability

What's really sad is that the exact same vulnerability was already known when the “fix” to relax the permissions was made (see references in this linux-kernel message from Alan Cox). Had the issue been clearly documented in comments / changelog messages, and not just on the mailing list, it would not have been lost.

And now the new patch is in place, and again the security implications are not documented where they will be seen by future developers. So we can certainly expect someone to “fix” (break) this again one day, just because critical information was withheld from the changelog.


A /proc/PID/mem vulnerability

Posted Feb 8, 2012 7:41 UTC (Wed) by Duncan (guest, #6647)

Not that many will ever read this far down even if they come across the article via Google or whatever at this late date, but...

What is there about ...

"isn't very robust.. doesn't match the permission checking... This changes ... permission checks"

... that does not SCREAM security vuln? To me it certainly does!

I mean, what is one /doing/ "permissions checks" for if not for security? Otherwise they'd be something else, data validity checks, maybe. But if they're permissions checks, then by implication there's something there to be secured BY those permissions checks.

And if the simple phrase "permission checks" isn't enough to get someone investigating, surely adding "isn't very robust... changing" to the mix, when the context is "permission checks" should do so!

If I say my bank account isn't very robust and that I'm working to change it, who wouldn't read that as saying I lack money but am trying to change it? If I say the permission checks aren't very robust and that they're being changed, how on earth can it mean anything BUT "THIS COMMIT HAS POTENTIAL SECURITY IMPLICATIONS!"? (Yes, to me it's SHOUTING, so the caps are warranted.)

Duncan

A /proc/PID/mem vulnerability

Posted Feb 11, 2012 19:56 UTC (Sat) by alonz (subscriber, #815)

Yes, the changelog doesn't competently hide that there are security issues.

But it does hide the specific vulnerability in the previous code. So it's really useless for educating the next generation. (Unless you believe whoever next touches this code will magically understand what the real issue is…?)
