OSDN Git Service

(root) / sagit-ice-cold / kernel_xiaomi_msm8998.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 59ff2e1) | patch
Revert "proc: smaps: Allow smaps access for CAP_SYS_RESOURCE"
authorDaniel Mentz <danielmentz@google.com>
Fri, 7 Jul 2017 18:27:31 +0000 (11:27 -0700)
committerDaniel Mentz <danielmentz@google.com>
Fri, 21 Jul 2017 18:09:08 +0000 (11:09 -0700)
commit362e08d2572fd592b6a5322763977d898ebefba2
tree8268adac315acb7214f7aaf03fa0244a62291208tree | snapshot
parent59ff2e15be118b70755d9709be67ed1b842cd5e6commit | diff
Revert "proc: smaps: Allow smaps access for CAP_SYS_RESOURCE"

This reverts commit 9d19f72b43f495f6f1ef1268dbed1bbade8dea24.

This fixes CVE-2017-0710.

SELinux allows more fine grained control: We grant processes that need
access to smaps CAP_SYS_PTRACE but prohibit them from using ptrace
attach().

Bug: 34951864
Bug: 36468447
Change-Id: I8ea67f8771ec212950bc251ee750bd8a7e7c0643
Signed-off-by: Daniel Mentz <danielmentz@google.com>
kernel/fork.c diff | blob | history
Mirror: https://github.com/0ranko0P/kernel_xiaomi_msm8998/
About OSDN
Find Software
Develop Software
Help