linux/security
Linus Torvalds e8fc317dfc vfs-6.12.procfs
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCZuQEwAAKCRCRxhvAZXjc
 onI2AQDXa5XhIx0VpLWE9uVImVy3QuUKc/5pI1e1DKMgxLhKCgEAh15a4ETqmVaw
 Zp3ZSzoLD8Ez1WwWb6cWQuHFYRSjtwU=
 =+LKG
 -----END PGP SIGNATURE-----

Merge tag 'vfs-6.12.procfs' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs

Pull procfs updates from Christian Brauner:
 "This contains the following changes for procfs:

   - Add config options and parameters to block forcing memory writes.

     This adds a Kconfig option and boot param to allow removing the
     FOLL_FORCE flag from /proc/<pid>/mem write calls as this can be
     used in various attacks.

     The traditional forcing behavior is kept as default because it can
     break GDB and some other use cases.

     This is the simpler version that you had requested.

   - Restrict overmounting of ephemeral entities.

     It is currently possible to mount on top of various ephemeral
     entities in procfs. This specifically includes magic links. To
     recap, magic links are links of the form /proc/<pid>/fd/<nr>. They
     serve as references to a target file and during path lookup they
     cause a jump to the target path. Such magic links disappear if the
     corresponding file descriptor is closed.

     Currently it is possible to overmount such magic links. This is
     mostly interesting for an attacker that wants to somehow trick a
     process into e.g., reopening something that it didn't intend to
     reopen or to hide a malicious file descriptor.

     But also it risks leaking mounts for long-running processes. When
     overmounting a magic link like above, the mount will not be
     detached when the file descriptor is closed. Only the target
     mountpoint will disappear. Which has the consequence of making it
     impossible to unmount that mount afterwards. So the mount will
     stick around until the process exits and the /proc/<pid>/ directory
     is cleaned up during proc_flush_pid() when the dentries are pruned
     and invalidated.

     That in turn means it's possible for a program to accidentally leak
     mounts and it's also possible to make a task leak mounts without
     it's knowledge if the attacker just keeps overmounting things under
     /proc/<pid>/fd/<nr>.

     Disallow overmounting of such ephemeral entities.

   - Cleanup the readdir method naming in some procfs file operations.

   - Replace kmalloc() and strcpy() with a simple kmemdup() call"

* tag 'vfs-6.12.procfs' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs:
  proc: fold kmalloc() + strcpy() into kmemdup()
  proc: block mounting on top of /proc/<pid>/fdinfo/*
  proc: block mounting on top of /proc/<pid>/fd/*
  proc: block mounting on top of /proc/<pid>/map_files/*
  proc: add proc_splice_unmountable()
  proc: proc_readfdinfo() -> proc_fdinfo_iterate()
  proc: proc_readfd() -> proc_fd_iterate()
  proc: add config & param to block forcing mem writes
2024-09-16 09:36:59 +02:00
..
apparmor apparmor: fix policy_unpack_test on big endian systems 2024-08-25 15:26:30 -07:00
bpf lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
integrity This update includes the following changes: 2024-07-19 08:52:58 -07:00
keys KEYS: trusted: dcp: fix leak of blob encryption key 2024-08-15 22:01:14 +03:00
landlock Landlock security fix for v6.11-rc1 2024-07-27 13:16:53 -07:00
loadpin hardening fixes for v6.10-rc1 2024-05-24 08:33:44 -07:00
lockdown LSM: Identify modules by more than name 2023-11-12 22:54:42 -05:00
safesetid lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
selinux vfs-6.12.file 2024-09-16 09:14:02 +02:00
smack vfs-6.12.file 2024-09-16 09:14:02 +02:00
tomoyo tomoyo: update project links 2024-06-03 22:43:11 +09:00
yama sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
commoncap.c lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c security: convert to new timestamp accessors 2023-10-18 14:08:31 +02:00
Kconfig proc: add config & param to block forcing mem writes 2024-08-30 08:19:43 +02:00
Kconfig.hardening Revert "mm: init_mlocked_on_free_v3" 2024-06-15 10:43:05 -07:00
lsm_audit.c lsm: fix a number of misspellings 2023-05-25 17:52:15 -04:00
lsm_syscalls.c lsm: use 32-bit compatible data types in LSM syscalls 2024-03-14 11:31:26 -04:00
Makefile LSM: syscalls for current process attributes 2023-11-12 22:54:42 -05:00
min_addr.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
security.c lsm/stable-6.11 PR 20240715 2024-07-16 14:50:44 -07:00