Thread (8 messages), 4 authors, 2024-05-31

Re: [PATCH v4 2/2] proc: restrict /proc/pid/mem

From: Adrian Ratiu <hidden>
Date: 2024-05-27 11:21:13
Also in: linux-doc, linux-fsdevel, linux-hardening, lkml

On Saturday, May 25, 2024 08:49 EEST, Randy Dunlap [off-list ref] wrote:
Hi--

On 5/24/24 12:28 PM, Adrian Ratiu wrote:
diff --git a/security/Kconfig b/security/Kconfig
index 412e76f1575d..0cd73f848b5a 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -183,6 +183,74 @@ config STATIC_USERMODEHELPER_PATH
 	  If you wish for all usermode helper programs to be disabled,
 	  specify an empty string here (i.e. "").
 
+menu "Procfs mem restriction options"
+
+config PROC_MEM_RESTRICT_FOLL_FORCE_DEFAULT
+	bool "Restrict all FOLL_FORCE flag usage"
+	default n
+	help
+	  Restrict all FOLL_FORCE usage during /proc/*/mem RW.
+	  Debuggerg like GDB require using FOLL_FORCE for basic
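Review bot: "default n" under PROC_MEM_RESTRICT_FOLL_FORCE_DEFAULT is redundant, since a Kconfig bool with no default line is already n, so the line can be dropped. In the help text, "/proc/*/mem RW" would be clearer written out as "reads and writes". The symbol name ends in _DEFAULT, but the prompt "Restrict all FOLL_FORCE flag usage" does not say that this is only a default; the help text should state what can override it.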
	  Debuggers
Hello and thank you for the feedback!

I'll fix these typos in a v5 together with the kernel test robot failures.

I'll give v4 a bit more time in case other people have more feedback,
so I can address them all in one go.