Comment 6 for bug 1839795

kev (kbackhouse2000) wrote:

Hi Alex,

Yes, I agree: the lock file being controllable by a regular user is not the vulnerability. It's useful for writing an exploit, but it's not a vulnerability by itself.

As far as I can see, PID recycling means that there is fundamentally no way for apport to confirm that the contents of /proc/[pid] correspond to the process that actually crashed. So I think the only thing that you can do is to make sure that the files in /proc/[pid] are owned by the correct user. It would still be possible to play games with PID recycling, but there would be no benefit to the attacker if it doesn't enable them to read information belonging to a different user. So my suggestion would be to drop privileges during add_proc_info:

https://git.launchpad.net/ubuntu/+source/apport/tree/apport/report.py?h=applied/ubuntu/bionic-devel&id=20c98691144e843bf1ab8428603beedd34e993ad#n507

I think that should prevent apport from reading the /proc/[pid]/maps file of a process that belongs to the wrong user.

Thanks,

Kev
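The two-layer defence Kev describes (drop privileges before touching /proc/[pid], and only read files that are owned by the user the crash was reported for), as an added example that is not apport's code. `expected_uid` is assumed to be the uid the crash handler was told about; the ownership test is done with fstat() on the already-open descriptor so that a PID reused between a path check and the open cannot slip through.

```python
import os
import pwd


def open_proc_file_checked(pid, name, expected_uid):
    """Open /proc/<pid>/<name> and confirm, via fstat() on the open
    descriptor, that it belongs to expected_uid. Checking the descriptor
    rather than the path removes the window in which the PID could be
    recycled between a separate stat() and the open()."""
    path = "/proc/%d/%s" % (pid, name)
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)
    except OSError:
        os.close(fd)
        raise
    if st.st_uid != expected_uid:
        os.close(fd)
        raise PermissionError(
            "%s is owned by uid %d, expected %d (PID reused?)"
            % (path, st.st_uid, expected_uid))
    return os.fdopen(fd, "rb")


def drop_privileges(uid):
    """Become `uid` permanently (real, effective and saved ids) so that the
    kernel's own /proc and ptrace access checks, not our bookkeeping,
    decide what may be read. A no-op when not running as root."""
    if os.geteuid() != 0:
        return
    gid = pwd.getpwuid(uid).pw_gid
    os.setgroups([])
    os.setresgid(gid, gid, gid)
    os.setresuid(uid, uid, uid)


def read_proc_maps(pid, expected_uid):
    """Return the lines of /proc/<pid>/maps, refusing to read them if the
    process now occupying `pid` belongs to someone other than expected_uid."""
    drop_privileges(expected_uid)
    with open_proc_file_checked(pid, "maps", expected_uid) as f:
        return f.read().decode("ascii", "replace").splitlines()


if __name__ == "__main__":
    # Constructed demo: our own process is owned by us, so this succeeds.
    for line in read_proc_maps(os.getpid(), os.getuid())[:3]:
        print(line)
```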