User: Password:
Subscribe / Log in / New account

A /proc/PID/mem vulnerability

A /proc/PID/mem vulnerability

Posted Jan 26, 2012 0:29 UTC (Thu) by PaXTeam (guest, #24616)
Parent article: A /proc/PID/mem vulnerability

a technical comment:

the open permission checks play no role here because /prod/pid/mem is opened *before* the suid execve, therefore the given process has every right to do it by design. the real problem is that the open gives access to an object (mm_struct) that is then *replaced* by the execve and the read/write accessors used the new object (that open can't have seen and denied access to). in other words there was an underlying assumption (fd = content) that wasn't true and the fix ensures this assumption now.

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds