A /proc/PID/mem vulnerability
Posted Jan 30, 2012 9:43 UTC (Mon) by alonz
Parent article: A /proc/PID/mem vulnerability
What's really sad is that the exact same vulnerability was already known when the “fix” to relax the permissions was made (see references in this linux-kernel message from Alan Cox). Had the issue been clearly documented in comments / changelog messages, and not just on the mailing list, it would not have been lost.
And now the new patch is in place, and again the security implications are not documented where they will be seen by future developers. So we can certainly expect someone to
“fix” break this again one day, just because critical information was withheld from the changelog.
to post comments)