Linux kernel - /proc/pid/environ fixes

Just to share that Linux /proc/pid/environ suffers from bugs, referenced and fixed here ("proc: /proc//environ offset fixes"), that can be considered vulnerabilities.

The fixes are in the mainline now. The PoC to dump the exec area can be found here:

Linux Procfs suffers from other vulnerabilities, like the:

->open() + ->dup(stdin,stdout…) + execve(suid_program)…

These were discussed several times on lkml. If you want a quick, nice fix that only compares 64-bit values, check the recent Grsecurity patches. The Openwall kernel patches include the same first protection. The Grsecurity protection was updated to take advantage of per-CPU counters.
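A defender-side regression check for the /proc/pid/environ offset handling mentioned above, written as an added example that is not part of the original post and not the kernel's or Grsecurity's code. It reads the process's own /proc/self/environ once sequentially, then again with pread() at explicit offsets, and verifies that every offset read returns exactly the bytes the sequential read produced, that EOF is reported precisely at the end of the data, and that a read far past the end returns 0 rather than stray bytes. The function name check_environ_offsets and the chunk sizes used are this example's own choices; it returns 1 (skipped) where procfs is not available.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Read fd sequentially until EOF into a heap buffer.
 * Returns the length, or -1 on error; *out receives the buffer (caller frees). */
static ssize_t read_sequential(int fd, unsigned char **out)
{
    size_t cap = 4096, len = 0;
    unsigned char *buf = malloc(cap);
    if (!buf) return -1;
    for (;;) {
        if (len == cap) {
            cap *= 2;
            unsigned char *nb = realloc(buf, cap);
            if (!nb) { free(buf); return -1; }
            buf = nb;
        }
        ssize_t n = read(fd, buf + len, cap - len);
        if (n < 0) { free(buf); return -1; }
        if (n == 0) break;
        len += (size_t)n;
    }
    *out = buf;
    return (ssize_t)len;
}

/* Re-read /proc/self/environ with pread() in chunks of `chunk` bytes at explicit
 * offsets and compare against the sequential read (example helper, not kernel code).
 * Returns  0 if every offset read agrees and EOF is clean,
 *          1 if /proc/self/environ cannot be opened (no procfs on this system),
 *         -1 if an offset read disagrees or a read past the end returns data. */
int check_environ_offsets(size_t chunk)
{
    if (chunk == 0) chunk = 1;
    int fd = open("/proc/self/environ", O_RDONLY);
    if (fd < 0) return 1;

    unsigned char *whole = NULL;
    ssize_t total = read_sequential(fd, &whole);
    if (total < 0) { close(fd); return -1; }

    unsigned char *piece = malloc(chunk);
    if (!piece) { free(whole); close(fd); return -1; }

    int rc = 0;
    off_t off = 0;
    /* Walk the file by offset: each chunk must match the same span of the
     * sequential read, and the first zero-length read must land exactly at `total`. */
    while (rc == 0) {
        ssize_t n = pread(fd, piece, chunk, off);
        if (n < 0) { rc = -1; break; }
        if (n == 0) {
            if (off != (off_t)total) rc = -1;   /* EOF too early */
            break;
        }
        if (off + n > (off_t)total || memcmp(piece, whole + off, (size_t)n) != 0) {
            rc = -1;                            /* offset read disagrees */
            break;
        }
        off += n;
    }

    /* A read well beyond the end must also return 0, never leftover bytes. */
    if (rc == 0 && pread(fd, piece, chunk, (off_t)total + 4096) != 0) rc = -1;

    free(piece);
    free(whole);
    close(fd);
    return rc;
}

int main(void)
{
    int rc = check_environ_offsets(7);   /* odd chunk size forces unaligned offsets */
    if (rc == 1)
        puts("skipped: /proc/self/environ not available");
    else
        puts(rc == 0 ? "environ offset reads consistent"
                     : "MISMATCH in environ offset reads");
    return rc < 0;
}
```

A small odd chunk size such as 7 is deliberate: it exercises many offsets that are not multiples of the page size or the buffer size, which is where offset arithmetic bugs tend to surface. Running this only against /proc/self needs no privileges, so it can sit in a kernel-update smoke test alongside other procfs checks.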