OpenCloudOS-Kernel/Documentation
Kees Cook 5096add84b proc: maps protection
The /proc/pid/ "maps", "smaps", and "numa_maps" files contain sensitive
information about the memory location and usage of processes.  Issues:

- maps should not be world-readable, especially if programs expect any
  kind of ASLR protection from local attackers.
- maps cannot just be 0400 because "-D_FORTIFY_SOURCE=2 -O2" makes glibc
  check the maps when %n is in a *printf call, and a setuid(getuid())
  process wouldn't be able to read its own maps file.  (For reference
  see http://lkml.org/lkml/2006/1/22/150)
- a system-wide toggle is needed to allow prior behavior in the case of
  non-root applications that depend on access to the maps contents.

This change implements a check using "ptrace_may_attach" before allowing
access to read the maps contents.  To control this protection, the new knob
/proc/sys/kernel/maps_protect has been added, with corresponding updates to
the procfs documentation.

[akpm@linux-foundation.org: build fixes]
[akpm@linux-foundation.org: New sysctl numbers are old hat]
Signed-off-by: Kees Cook <kees@outflux.net>
Cc: Arjan van de Ven <arjan@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-08 11:15:02 -07:00
ABI USB: add power/level sysfs attribute 2007-04-27 13:28:37 -07:00
DocBook kernel-doc: alphabetically-sorted entries in index.html of 'htmldocs' 2007-05-02 20:58:11 +02:00
RCU [PATCH] rcu: add sched torture type to rcutorture 2006-10-04 07:55:31 -07:00
accounting [PATCH] io-accounting: add to getdelays 2006-12-10 09:55:42 -08:00
aoe Fix typos in Documentation/: 'D'-'E' 2006-10-03 22:47:42 +02:00
arm [ARM] 4238/1: S3C24XX: docs: update suspend and resume 2007-03-02 11:58:58 +00:00
auxdisplay [PATCH] drivers: add LCD support 2007-02-11 10:51:24 -08:00
blackfin blackfin architecture 2007-05-07 12:12:58 -07:00
block [PATCH] block: document io scheduler allow_merge_fn hook 2006-12-20 11:06:15 +01:00
cdrom [PATCH] pktcdvd: cleanup 2007-02-11 10:51:28 -08:00
connector [CONNECTOR]: Add userspace example code into Documentation/connector/ 2006-08-26 18:42:00 -07:00
console [PATCH] VT binding: Update documentation 2006-06-26 09:58:33 -07:00
cpu-freq Merge ../linus 2006-12-12 17:41:41 -05:00
cris Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
crypto [CRYPTO] doc: Fix typo in hash example 2007-03-21 08:55:58 +11:00
device-mapper [PATCH] Fix dm-snapshot tutorial in Documentation 2005-11-07 07:53:54 -08:00
driver-model DOC: Fix wrong identifier name in Documentation/driver-model/devres.txt 2007-05-02 18:57:59 -07:00
drivers/edac [PATCH] EDAC: Add memory scrubbing controls API to core 2007-02-12 09:48:32 -08:00
dvb V4L/DVB (4813): Added information about Technisat Sky2Pc cards 2006-12-10 08:51:18 -02:00
early-userspace earlyuserspace/README: fix homonym err 2005-11-08 17:16:50 +01:00
fault-injection [PATCH] fault-injection: Correct, disambiguate, and reformat documentation 2006-12-08 08:29:03 -08:00
fb [PATCH] fbdev driver for S3 Trio/Virge 2007-02-12 09:48:41 -08:00
filesystems proc: maps protection 2007-05-08 11:15:02 -07:00
firmware_class [PATCH] drivers/base/firmware_class.c: cleanups 2006-05-21 12:59:19 -07:00
fujitsu/frv Fix typos in /Documentation : Misc 2006-11-30 05:21:10 +01:00
hrtimer [PATCH] Add debugging feature /proc/timer_stat 2007-02-16 08:13:59 -08:00
hrtimers [PATCH] hrtimers: move and add documentation 2007-02-16 08:13:58 -08:00
hwmon hwmon/w83627ehf: Add support for the W83627DHG chip 2007-02-14 21:15:04 +01:00
i2c i2c: Documentation update 2007-05-01 23:26:35 +02:00
i2o spelling: s/retreive/retrieve/ 2006-01-10 00:10:13 +01:00
i386 [PATCH] x86: add command line length to boot protocol 2007-05-02 19:27:10 +02:00
ia64 Pull mem-attribute into release branch 2007-04-30 13:56:17 -07:00
infiniband IB/umad: Clarify documentation of transaction ID 2007-04-24 21:30:38 -07:00
input Input: update some documentation 2007-04-29 23:42:08 -04:00
ioctl [PATCH] Document how to decode an IOCTL number 2006-12-10 09:55:40 -08:00
isdn [PATCH] drivers/isdn/gigaset: new M101 driver (v2) 2007-02-12 09:48:30 -08:00
kbuild kbuild: small documentation fix in Documentation/kbuild/modules.txt 2007-05-02 20:58:09 +02:00
kdump [PATCH] PPC64 Kdump documentation update 2007-02-20 17:10:15 -08:00
m68k Documentation: remove duplicated words 2006-10-03 22:57:56 +02:00
mips [MIPS] Fixup migration to GENERIC_TIME 2006-10-31 20:13:23 +00:00
netlabel [NetLabel]: documentation 2006-09-22 14:53:31 -07:00
networking [PATCH] bcm43xx: Update Documentation/bcm43xx.txt 2007-04-28 11:00:55 -04:00
parisc Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
pcmcia add new_id to PCMCIA drivers 2007-05-07 12:12:50 -07:00
power Documentation: Ask driver writers to provide PM support 2007-05-08 11:14:59 -07:00
powerpc [POWERPC] Fix typos in booting-without-of.txt 2007-04-27 21:13:14 +10:00
s390 [S390] crypto: cleanup. 2007-04-27 16:01:46 +02:00
scsi [SCSI] aacraid: Correct SMC products in aacraid.txt 2007-04-17 18:01:45 -04:00
serial [SERIAL] Update parity handling documentation 2006-06-02 17:47:26 +01:00
sh sh: SH7722 clock framework support. 2007-05-07 02:11:56 +00:00
sound [ALSA] hda-codec - Add support for MacBook Pro 1st generation 2007-03-15 12:44:51 +01:00
sparc Fix typos in Documentation/: 'Q'-'R' 2006-10-03 22:54:15 +02:00
spi [ARM] 4304/1: removes the unnecessary bit number from CKENnn_XXXX 2007-04-21 23:14:01 +01:00
sysctl mm: fix handling of panic_on_oom when cpusets are in use 2007-05-07 12:12:55 -07:00
telephony Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
uml Fix typos in /Documentation : 'U-Z' 2006-11-30 04:58:40 +01:00
usb MAINTAINER change for Connect Tech Inc 2007-05-04 17:41:21 -07:00
video4linux Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 2007-04-29 10:47:25 -07:00
vm slub: add slabinfo tool 2007-05-07 12:12:54 -07:00
w1 [PATCH] w1: Userspace communication protocol over connector. 2006-06-22 11:22:50 -07:00
watchdog Fix typos in /Documentation : 'T'' 2006-11-30 04:55:36 +01:00
x86_64 [PATCH] x86-64: Dynamically adjust machine check interval 2007-05-02 19:27:19 +02:00
00-INDEX Remove long-unmaintained ftape driver subsystem. 2006-12-03 22:22:41 -05:00
BUG-HUNTING Documentation: Update to BUG-HUNTING 2006-03-22 00:37:42 +01:00
Changes Fix typos in doc and comments 2006-11-30 05:32:19 +01:00
CodingStyle [PATCH] Add a new section to CodingStyle, promoting include/linux/kernel.h 2006-12-22 08:55:49 -08:00
DMA-API.txt [PATCH] Pass struct dev pointer to dma_cache_sync() 2006-12-07 08:39:41 -08:00
DMA-ISA-LPC.txt Fix typos in /Documentation : 'T'' 2006-11-30 04:55:36 +01:00
DMA-mapping.txt Documentation: remove duplicated words 2006-10-03 22:57:56 +02:00
HOWTO HOWTO: Add a reference to Harbison and Steele 2007-02-07 10:37:13 -08:00
IO-mapping.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
IPMI.txt [PATCH] IPMI: system interface hotplug 2006-12-07 08:39:47 -08:00
IRQ-affinity.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
IRQ.txt [PATCH] genirq: irq: document what an IRQ is 2006-06-29 10:26:25 -07:00
MSI-HOWTO.txt Fix typos in /Documentation : 'U-Z' 2006-11-30 04:58:40 +01:00
ManagementStyle Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
PCIEBUS-HOWTO.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
README.DAC960 [PATCH] devfs: Last little devfs cleanups throughout the kernel tree. 2006-06-26 12:25:09 -07:00
README.cycladesZ Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
SAK.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
SecurityBugs Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
SubmitChecklist [PATCH] add -mm testing in SubmitChecklist 2007-03-01 14:53:37 -08:00
SubmittingDrivers Documentation: Ask driver writers to provide PM support 2007-05-08 11:14:59 -07:00
SubmittingPatches Change Linus' email address too 2007-01-23 14:22:35 -08:00
VGA-softcursor.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
applying-patches.txt [PATCH] Docs update: typos, corrections and additions to applying-patches.txt 2006-01-10 08:01:54 -08:00
atomic_ops.txt Spelling fixes for Documentation/atomic_ops.txt 2006-06-26 18:27:35 +02:00
basic_profiling.txt [PATCH] oprofile: report anonymous region samples 2005-06-24 00:06:27 -07:00
binfmt_misc.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
cachetlb.txt [ARM] pass vma for flush_anon_page() 2007-01-08 19:49:54 +00:00
cciss.txt Fix typos in Documentation/: 'D'-'E' 2006-10-03 22:47:42 +02:00
cli-sti-removal.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
computone.txt remove mentionings of devfs in documentation 2006-10-03 22:17:48 +02:00
cpqarray.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
cpu-hotplug.txt Fix typos in /Documentation : Misc 2006-11-30 05:21:10 +01:00
cpu-load.txt [PATCH] Documentation: CPU load calculation description 2007-03-01 14:53:39 -08:00
cpusets.txt [PATCH] CPUSETS: add mems to basic usage documentation 2007-04-02 10:06:08 -07:00
cputopology.txt Fix typos in Documentation/: 'D'-'E' 2006-10-03 22:47:42 +02:00
dcdbas.txt [PATCH] dcdbas: add Dell Systems Management Base Driver with sysfs support 2005-09-07 16:57:27 -07:00
debugging-modules.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
dell_rbu.txt Fix typos in Documentation/: 'N'-'P' 2006-10-03 22:52:05 +02:00
devices.txt [PATCH] New updated devices.txt - LANANA 2006-12-07 08:39:45 -08:00
digiepca.txt typo fixes: aquire -> acquire 2006-06-30 18:23:04 +02:00
dnotify.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
dontdiff [PATCH] x86-64: Don't exclude asm-offsets.c in Documentation/dontdiff 2007-05-02 19:27:21 +02:00
ecryptfs.txt [PATCH] ecryptfs: fs/Makefile and fs/Kconfig 2006-10-04 07:55:24 -07:00
eisa.txt Fix typos in /Documentation : 'U-Z' 2006-11-30 04:58:40 +01:00
exception.txt Documentation: remove duplicated words 2006-10-03 22:57:56 +02:00
feature-removal-schedule.txt Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/pci-2.6 2007-05-04 18:04:29 -07:00
floppy.txt [PATCH] kernel Doc/ URL corrections 2005-11-22 09:14:30 -08:00
gpio.txt [PATCH] doc: gpio.txt describes open-drain emulation 2007-04-12 15:31:42 -07:00
hayes-esp.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
highuid.txt Fix "can not" in Documentation and Kconfig 2006-10-03 22:53:09 +02:00
hpet.txt Documentation/hpet.txt typo 2006-01-15 02:09:54 +01:00
hw_random.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ide.txt ide: make legacy IDE VLB modules check for the "probe" kernel params (v2) 2007-03-03 17:48:55 +01:00
initrd.txt [PATCH] documentation: Documentation/initrd.txt 2006-07-31 13:28:44 -07:00
io_ordering.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ioctl-number.txt [PATCH] Doc: isicom, remove reserved ioctl-number 2007-02-11 10:51:29 -08:00
iostats.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
irqflags-tracing.txt [PATCH] lockdep: irqtrace subsystem, docs 2006-07-03 15:27:03 -07:00
isapnp.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
java.txt Fix "can not" in Documentation and Kconfig 2006-10-03 22:53:09 +02:00
kernel-doc-nano-HOWTO.txt [PATCH] Discuss a couple common errors in kernel-doc usage. 2007-02-11 10:51:32 -08:00
kernel-docs.txt Documentation/kernel-docs.txt update. 2007-02-17 20:15:38 +01:00
kernel-parameters.txt [PATCH] i386: PARAVIRT: Allow boot-time disable of paravirt_ops patching 2007-05-02 19:27:16 +02:00
keys-request-key.txt [PATCH] Keys: Allow in-kernel key requestor to pass auxiliary data to upcaller 2006-06-29 10:26:20 -07:00
keys.txt [AF_RXRPC]: Key facility changes for AF_RXRPC 2007-04-26 15:46:23 -07:00
kobject.txt Fix typos in Documentation/: 'D'-'E' 2006-10-03 22:47:42 +02:00
kprobes.txt [PATCH] Don't give bad kprobes example aka ") < 0))" typo 2006-11-16 11:43:38 -08:00
kref.txt [PATCH] kref: add link to original documentation to the kref documentation. 2005-04-18 21:57:30 -07:00
laptop-mode.txt Fix typos in /Documentation : Misc 2006-11-30 05:21:10 +01:00
ldm.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
leds-class.txt [PATCH] LED: class documentation 2006-03-31 12:18:56 -08:00
local_ops.txt [PATCH] local_t: Documentation 2007-02-11 10:51:32 -08:00
lockdep-design.txt [PATCH] fix lockdep-design.txt 2006-10-11 11:14:24 -07:00
locks.txt [PATCH] Docs update: remove obsolete patch from locks.txt 2006-01-10 08:01:54 -08:00
logo.gif Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
logo.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
magic-number.txt [SPARC]: Remove the broken SUN_AURORA driver. 2007-02-26 11:35:45 -08:00
mandatory.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
mca.txt Fix some typos in Documentation/: 'A' 2006-10-03 22:45:33 +02:00
md.txt Fix typos in Documentation/: 'Q'-'R' 2006-10-03 22:54:15 +02:00
memory-barriers.txt Fix typos in /Documentation : 'T'' 2006-11-30 04:55:36 +01:00
memory.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
mono.txt Fix "can not" in Documentation and Kconfig 2006-10-03 22:53:09 +02:00
moxa-smartio Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
mtrr.txt [PATCH] Doc: fix mtrr userspace programs to build cleanly 2006-04-11 06:18:44 -07:00
mutex-design.txt [PATCH] mutex subsystem, documentation 2006-01-09 15:59:20 -08:00
nbd.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
nfsroot.txt [PATCH] fix the defaults mentioned in Documentation/nfsroot.txt 2007-02-12 09:48:28 -08:00
nmi_watchdog.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
nommu-mmap.txt [PATCH] NOMMU: Make futexes work under NOMMU conditions 2006-09-27 08:26:15 -07:00
numastat.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
oops-tracing.txt [PATCH] update Doc/oops-tracing.txt for TAINT_USER 2007-02-20 17:10:15 -08:00
paride.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
parport-lowlevel.txt [PATCH] parport: fix documentation 2006-02-03 08:32:06 -08:00
parport.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
pci-error-recovery.txt Documentation: remove duplicated words 2006-10-03 22:57:56 +02:00
pci.txt PCI: the overdue removal of pci_module_init() 2007-05-02 19:02:38 -07:00
pcieaer-howto.txt PCI-Express AER implemetation: aer howto document 2006-09-26 17:43:52 -07:00
pi-futex.txt fix a typo in Documentation/pi-futex.txt 2006-10-03 23:39:02 +02:00
pm.txt Fix "can not" in Documentation and Kconfig 2006-10-03 22:53:09 +02:00
pnp.txt Fix typos in /Documentation : 'U-Z' 2006-11-30 04:58:40 +01:00
preempt-locking.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
prio_tree.txt Documentation: remove duplicated words 2006-10-03 22:57:56 +02:00
ramdisk.txt [PATCH] Update ramdisk documentation 2006-07-14 21:53:53 -07:00
rbtree.txt [PATCH] Documentation/rbtree.txt 2007-02-11 10:51:35 -08:00
riscom8.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
robust-futex-ABI.txt Fix typos in /Documentation : 'U-Z' 2006-11-30 04:58:40 +01:00
robust-futexes.txt Fix typos in /Documentation : Misc 2006-11-30 05:21:10 +01:00
rocket.txt Fix typos in Documentation/: 'S' 2006-10-03 22:55:17 +02:00
rpc-cache.txt Documentation: remove duplicated words 2006-10-03 22:57:56 +02:00
rt-mutex-design.txt [PATCH] typo fixes for rt-mutex-design.txt 2006-10-01 00:39:24 -07:00
rt-mutex.txt [PATCH] pi-futex: rt mutex docs 2006-06-27 17:32:47 -07:00
rtc.txt [PATCH] some rtc documentation updates 2007-02-11 11:18:06 -08:00
sched-arch.txt [PATCH] sched: resched and cpu_idle rework 2005-11-09 07:56:33 -08:00
sched-coding.txt Fix typos in Documentation/: 'H'-'M' 2006-10-03 22:50:39 +02:00
sched-design.txt Fix typos in Documentation/: 'H'-'M' 2006-10-03 22:50:39 +02:00
sched-domains.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sched-stats.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
serial-console.txt [PATCH] doc: more serial-console info 2006-03-25 08:23:00 -08:00
sgi-ioc4.txt [PATCH] ioc4: Core driver rewrite 2005-06-21 18:46:32 -07:00
sgi-visws.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sharedsubtree.txt Fix typos in /Documentation : 'T'' 2006-11-30 04:55:36 +01:00
smart-config.txt kbuild: remove checkconfig.pl 2006-02-19 09:51:22 +01:00
smp.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sony-laptop.txt sony-laptop: update documentation and Kconfig help 2007-04-10 16:01:19 -04:00
sonypi.txt [PATCH] sonypi SPIC initialisation fix 2005-09-07 16:57:24 -07:00
sparse.txt [PATCH] update 'getting sparse' info. 2007-03-08 16:47:58 -08:00
specialix.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
spinlocks.txt fix rwlock usage example 2006-03-22 00:19:39 +01:00
stable_api_nonsense.txt [PATCH] i386: always enable regparm 2006-12-07 02:14:12 +01:00
stable_kernel_rules.txt Fix typos in /Documentation : Misc 2006-11-30 05:21:10 +01:00
stallion.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
svga.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sx.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sysrq.txt doc: Update sysrq doc for sh kgdb trigger. 2007-05-07 02:10:53 +00:00
thinkpad-acpi.txt ACPI: thinkpad-acpi: add sysfs support to wan and bluetooth subdrivers 2007-04-28 21:41:20 -04:00
time_interpolators.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
tipar.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
tty.txt tty: Clarify documentation of ->write() 2007-05-08 11:14:59 -07:00
unicode.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
unshare.txt Documentation: remove duplicated words 2006-10-03 22:57:56 +02:00
video-output.txt output: Add output class document 2006-12-20 01:46:58 -05:00
voyager.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
xterm-linux.xpm Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
zorro.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00

README.cycladesZ

The Cyclades-Z must have firmware loaded onto the card before it will
operate.  This operation should be performed during system startup,

The firmware, loader program and the latest device driver code are
available from Cyclades at
    ftp://ftp.cyclades.com/pub/cyclades/cyclades-z/linux/