the open permission checks play no role here because /prod/pid/mem is opened *before* the suid execve, therefore the given process has every right to do it by design. the real problem is that the open gives access to an object (mm_struct) that is then *replaced* by the execve and the read/write accessors used the new object (that open can't have seen and denied access to). in other words there was an underlying assumption (fd = content) that wasn't true and the fix ensures this assumption now.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds