[kernel-sec-discuss] /proc/<pid>/auxv vulnerability

Michael Gilbert michael.s.gilbert at gmail.com
Sat Mar 13 21:09:23 UTC 2010


i recently saw this post [0] claiming that info in /proc/<pid>/auxv can
be used to inject code into running processes, which i think is
related to CVE-2009-2691, which does the same thing using
/proc/<pid>/maps.

i tested the exploit, but i couldn't get it to work for processes that i
don't have read access to (i.e. for a root process, auxv has 600
permissions), which is good.

however, i did get it to work for processes that i have read access for.

so, the question is: should the user be restricted from injecting code
into processes running under their own account?  or from another
perspective, does a standard user really need access to memory maps for
their processes, or would it make more sense to only grant that
information to root by default?

mike

[0] http://c-skills.blogspot.com/2010/02/new-injectso-debian-proof.html



More information about the kernel-sec-discuss mailing list