Linux kernel - /proc/pid/environ fixes

calendar 17 Aug 2012, 00:00 · 1 min read · opensource linux kernel security  ·
Share on: linkedin copy

Just to share that Linux /proc/pid/environ suffers from bugs referenced and fixed here: proc: /proc//environ offset fixes that can be considered vulnerabilities.

The fixes are in the mainline now. The PoC to dump exec area can found here: http://lkml.org/lkml/2012/7/22/163

Linux Procfs suffers from other vulnerabilities, like the:

->open() + ->dup(stdin,stdout…) + execve(suid_program)…

These were discussed several times on lkml. If you want a quick nice fix, that only compares u64bit values, check the recent Grsecurity patches. The Openwall kernel patches includes the same first protection. The Grsecurity protection was updated to take advantage of per-cpu counters.