Why some user space programs write to writable pages of other processes?

[Bharath Vedartham]

On Mon, Aug 26, 2019 at 12:32:03PM +0300, Lev Olshvang wrote:
> <div> </div><div> </div><div>I am in the process of developing patch to restrict process ability to write to other process read-only patch.</div><div> </div><div>I have sent this patch to kernel-hardening list and waiting for a comments (this is my first patch to kernel)</div><div>https://www.openwall.com/lists/kernel-hardening/2019/08/24/1</div><div> </div><div> </div><div>Meanwhie I started to explore idea of restricting  process from writes to write enabled  pages of another process vma.</div><div> </div><div>To my surprise ( I am not such esperienced) many processes , systemd-journal, Xorg, dbus-server, konsole were caught by highlkighted if below, but  system continues to WORK NORMALLY !</div><div> </div><div>Can somedody to comment please ?</div><div> </div><div>Here is the code snippet of function arch_vma_access_permitted()</div><div><div>static inline bool arch_vma_access_permitted(struct vm_area_struct *vma,</div><div>                bool write, bool execute, bool foreign)</div><div>{<!-- --></div><div> </div><div> </div><div>        /* Forbid write to PROT_READ pages of foreign process */</div><div>        if (write && foreign && (!(vma->vm_flags & VM_WRITE)))</div><div>                return false;</div><div>        <strong>/* Forbid write to write-enabled of foreign process */</strong></div><div><strong>        if (current->mm &&  current->mm != vma->vm_mm){<!-- --></strong></div><div><strong>                if (current->in_execve) {<!-- --></strong></div><div><strong>                return true;</strong></div><div><strong>                }</strong></div><div><strong>        </strong></div><div><strong>                pr_err("FOREIGN WRITE? current->mm != vma->vm_mm pid %d \n", current->pid);</strong></div><div><strong>                return false;</strong></div><div><strong>        }</strong></div><div> </div><div> </div><div> </div></div>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
> https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Hi Lev,

You sent this email as a html email rather than plain text. The only
thing that appears on my mutt mail client is a bunch of gibberish html.

You should send mails to the mailing lists by a plain text client like
mutt, thunderbird etc.

Thank you
Bharath