Please sign in to comment.
pagemap: do not leak physical addresses to non-privileged userspace
commit ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce upstream. As pointed by recent post on exploiting DRAM physical imperfection, /proc/PID/pagemap exposes sensitive information which can be used to do attacks. This disallows anybody without CAP_SYS_ADMIN to read the pagemap.  http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html [ Eventually we might want to do anything more finegrained, but for now this is the simple model. - Linus ] Change-Id: Ib62bf4429dcdafd9fc1cd9b1a0c5665c64cc5d18 Signed-off-by: Kirill A. Shutemov <firstname.lastname@example.org> Acked-by: Konstantin Khlebnikov <email@example.com> Acked-by: Andy Lutomirski <firstname.lastname@example.org> Cc: Pavel Emelyanov <email@example.com> Cc: Andrew Morton <firstname.lastname@example.org> Cc: Mark Seaborn <email@example.com> Signed-off-by: Linus Torvalds <firstname.lastname@example.org> Signed-off-by: Zefan Li <email@example.com> [mancha: Backported to 3.10] Signed-off-by: mancha security <firstname.lastname@example.org>
- Loading branch information...