
Bug 396341

Summary: kernel: linux <= 3.1 /proc/pid/* information leak
Product: Gentoo Security
Reporter: Michael Harrison <n0idx80>
Component: Kernel
Assignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED FIXED
Severity: trivial
CC: kernel, wimmuskee
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=770648
Whiteboard: [Linux <= 3.1]
Package list:
Runtime testing required: ---

Description Michael Harrison 2011-12-28 17:26:19 UTC
/proc/$PID/{sched,schedstat,etc} information leak. demo:
http://openwall.com/lists/oss-security/2011/11/05/3 

Solution:
/proc/$pid/* vuln will be fixed in the following patch series by introducing
a restricted procfs permission mode:

[RFC v2 1/3] procfs: parse mount options
https://lkml.org/lkml/2011/11/19/41
[RFC v2 2/3] procfs: add hidepid= and gid= mount options
https://lkml.org/lkml/2011/11/19/42
[PATCH -next] proc: fix task_struct infoleak
https://lkml.org/lkml/2011/12/11/62 (fix for previous patch)
[RFC v2 3/3] procfs: add documentation for procfs mount options
https://lkml.org/lkml/2011/11/19/43

Currently these series are in the -mm tree.

Explanation:
https://lkml.org/lkml/2011/11/19/42
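
An added example, not part of the bug report or the kernel patches: a check of `/proc/mounts`-style text that reports whether each procfs mount uses the `hidepid=` and `gid=` options named in the patch series. The function name, the sample mount lines and the mount points are constructed for illustration; the symbolic `hidepid` names are the spellings newer kernels accept alongside the numeric values, which goes beyond what the report covers.

```python
"""Audit procfs mounts for the hidepid=/gid= mount options."""

# Numeric hidepid values and the symbolic names newer kernels use for them.
HIDEPID_LEVELS = {"0": 0, "off": 0, "1": 1, "noaccess": 1,
                  "2": 2, "invisible": 2, "4": 4, "ptraceable": 4}


def audit_proc_mounts(mounts_text):
    """Return one finding dict per procfs mount in /proc/mounts-style text."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()  # device, mountpoint, fstype, options, dump, pass
        if len(fields) < 4 or fields[2] != "proc":
            continue
        opts = {}
        for opt in fields[3].split(","):
            key, _, value = opt.partition("=")
            opts[key] = value
        raw = opts.get("hidepid", "0")  # option absent means the default, 0
        level = HIDEPID_LEVELS.get(raw)  # None for a value this table lacks
        findings.append({
            "mountpoint": fields[1],
            "hidepid": raw,
            "exempt_gid": opts.get("gid"),  # group exempt from the restriction
            # Level 0 leaves other users' /proc/<pid>/ files readable.
            "restricted": level is not None and level >= 1,
        })
    return findings


# Constructed sample input, not taken from a real host.
SAMPLE_MOUNTS = """\
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /srv/chroot/proc proc rw,relatime,gid=1001,hidepid=2 0 0
proc /srv/jail/proc proc rw,relatime,hidepid=invisible 0 0
"""

if __name__ == "__main__":
    import sys
    # Pass /proc/mounts as the argument to audit the running host.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MOUNTS
    for f in audit_proc_mounts(text):
        state = "restricted" if f["restricted"] else "EXPOSED"
        print(f'{f["mountpoint"]}: hidepid={f["hidepid"]} '
              f'gid={f["exempt_gid"]} {state}')
```
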
Comment 2 Wim Muskee 2016-12-23 08:14:47 UTC
Can this be closed? 3.1 is not available anymore in gentoo-sources. Nor in hardened-sources or vanilla-sources.
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 17:49:20 UTC
There are no longer any 2.x or <3.1 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.