forked from torvalds/linux
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fs/proc: add mask_secrets to prevent sensitive information leakage.
There are about 17000+ packages exists on centos. After investigation on 10000+ pacakges, About 200+ commands support passing plain(or encrypted) passwords through command line arguments. Those sensitive information are exposed through a global readable interface: /proc/$pid/cmdline. To prevent the leakcage, adding mask_secrets procfs entry will hook the get_mm_cmdline()'s output and mask sensitive fields in /proc/$pid/cmdline using repeating 'Z's. Signed-off-by: zhanglin <zhang.lin16@zte.com.cn>
- Loading branch information
1 parent
c5eb0a6
commit f8d1c42
Showing
4 changed files
with
624 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.