diff options
author | Andreas Kling <awesomekling@gmail.com> | 2019-12-15 20:11:57 +0100 |
---|---|---|
committer | Andreas Kling <awesomekling@gmail.com> | 2019-12-15 20:11:57 +0100 |
commit | 931e4b7f5ec8a5ced69c3789ecdcf0772cbee7ef (patch) | |
tree | 1a38eee0122e00ebfd836c736ba0319e4a9323e4 /Kernel/VM | |
parent | 39a6d29b398b6102d5d33719a4fcb713234b1453 (diff) | |
download | serenity-931e4b7f5ec8a5ced69c3789ecdcf0772cbee7ef.zip |
Kernel+SystemMonitor: Prevent userspace access to process ELF image
Every process keeps its own ELF executable mapped in memory in case we
need to do symbol lookup (for backtraces, etc.)
Until now, it was mapped in a way that made it accessible to the
program, despite the program not having mapped it itself.
I don't really see a need for userspace to have access to this right
now, so let's lock things down a little bit.
This patch makes it inaccessible to userspace and exposes that fact
through /proc/PID/vm (per-region "user_accessible" flag.)
Diffstat (limited to 'Kernel/VM')
-rw-r--r-- | Kernel/VM/Region.cpp | 3 | ||||
-rw-r--r-- | Kernel/VM/Region.h | 1 |
2 files changed, 1 insertions, 3 deletions
diff --git a/Kernel/VM/Region.cpp b/Kernel/VM/Region.cpp index 822d419532..3148be84b7 100644 --- a/Kernel/VM/Region.cpp +++ b/Kernel/VM/Region.cpp @@ -54,9 +54,6 @@ NonnullOwnPtr<Region> Region::clone() { ASSERT(current); - // NOTE: Kernel-only regions should never be cloned. - ASSERT(is_user_accessible()); - // FIXME: What should we do for privately mapped InodeVMObjects? if (m_shared || vmobject().is_inode()) { ASSERT(!m_stack); diff --git a/Kernel/VM/Region.h b/Kernel/VM/Region.h index 9092867bc1..eb76b3accb 100644 --- a/Kernel/VM/Region.h +++ b/Kernel/VM/Region.h @@ -57,6 +57,7 @@ public: void set_mmap(bool mmap) { m_mmap = mmap; } bool is_user_accessible() const { return m_user_accessible; } + void set_user_accessible(bool b) { m_user_accessible = b; } PageFaultResponse handle_fault(const PageFault&); |