pagemap: do not leak physical addresses to non-privileged userspace
As pointed by recent post[1] on exploiting DRAM physical imperfection, /proc/PID/pagemap exposes sensitive information which can be used to do attacks. This disallows anybody without CAP_SYS_ADMIN to read the pagemap. [1] http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html [ Eventually we might want to do anything more finegrained, but for now this is the simple model. - Linus ] Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Acked-by: Konstantin Khlebnikov <khlebnikov@openvz.org> Acked-by: Andy Lutomirski <luto@amacapital.net> Cc: Pavel Emelyanov <xemul@parallels.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Mark Seaborn <mseaborn@chromium.org> Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Родитель
06e5801b8c
Коммит
ab676b7d6f
|
@ -1325,6 +1325,9 @@ out:
|
|||
|
||||
static int pagemap_open(struct inode *inode, struct file *file)
|
||||
{
|
||||
/* do not disclose physical addresses: attack vector */
|
||||
if (!capable(CAP_SYS_ADMIN))
|
||||
return -EPERM;
|
||||
pr_warn_once("Bits 55-60 of /proc/PID/pagemap entries are about "
|
||||
"to stop being page-shift some time soon. See the "
|
||||
"linux/Documentation/vm/pagemap.txt for details.\n");
|
||||
|
|
Загрузка…
Ссылка в новой задаче