PROC_PAGE_MONITOR
Posted: Wed Sep 16, 2009 5:28 pm by thinktank
Hello there,
Could someone explain to me why PROC_PAGE_MONITOR is disabled by grsecurity?
I wanted to use /proc/#pid#/smaps to determine the memory consumption of several processes.
Is there a way around?
Regards
tt
Re: PROC_PAGE_MONITOR
Posted: Wed Sep 16, 2009 8:50 pm by spender
It gives out way too much information about the address space and physical memory locations. It's a threat not just to ASLR but can make some kernel exploitation easier. Also IIRC it had several vulnerabilities found in it when it was first implemented, so I've had it forced off ever since it was added to the kernel.
-Brad
Re: PROC_PAGE_MONITOR
Posted: Thu Sep 17, 2009 4:14 pm by thinktank
Thank you Brad. Can I just remove the !GRKERNSEC from PROC_PAGE_MONITOR in /fs/proc/Kconfig and set the default to y, at my own risk?
Or are there more steps necessary in order to make this work properly? Are there even better solutions for such tasks?
Regards
tt
Re: PROC_PAGE_MONITOR
Posted: Thu Sep 17, 2009 4:57 pm by spender
At your own risk, you can do whatever you would like to the patch.
That single change though should let you enable it.
-Brad
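For the per-process memory accounting asked about at the top of the thread, this is an added example (not part of any post here, and not grsecurity code) that sums the kB fields of /proc/<pid>/smaps and returns nothing usable when the file is missing, as it is on a kernel built without PROC_PAGE_MONITOR. The sample text and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the /proc/<pid>/smaps layout (not captured from a real host).
SAMPLE_SMAPS = """\
00400000-0040b000 r-xp 00000000 08:01 1234       /bin/cat
Size:                 44 kB
Rss:                  40 kB
Pss:                  20 kB
0060a000-0060b000 rw-p 0000a000 08:01 1234       /bin/cat
Rss:                   4 kB
Pss:                   4 kB
7f00a000-7f00b000 rw-p 00000000 00:00 0
Rss:                   4 kB
Pss:                   4 kB
"""

FIELD = re.compile(r"^([A-Za-z_]+):\s+(\d+) kB$")
MAPPING = re.compile(r"^[0-9a-f]+-[0-9a-f]+ \S{4} [0-9a-f]+ \S+ \d+\s*(.*)$")

def summarize_smaps(text):
    """Return (totals per field, Pss per mapping name), both in kB."""
    totals, per_map = defaultdict(int), defaultdict(int)
    current = None
    for line in text.splitlines():
        m = MAPPING.match(line)
        if m:  # header line of a new mapping; unnamed ones are anonymous memory
            current = m.group(1) or "[anon]"
            continue
        f = FIELD.match(line)
        if f:  # lines without a "kB" value (e.g. VmFlags) are skipped
            totals[f.group(1)] += int(f.group(2))
            if f.group(1) == "Pss" and current:
                per_map[current] += int(f.group(2))
    return dict(totals), dict(per_map)

def read_smaps(pid):
    """Return the smaps text, or None if the file is absent or unreadable."""
    try:
        with open(f"/proc/{pid}/smaps") as fh:
            return fh.read()
    except OSError:  # ENOENT when the kernel does not provide smaps, EACCES otherwise
        return None

if __name__ == "__main__":
    text = read_smaps("self") or SAMPLE_SMAPS
    print(summarize_smaps(text))
```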
Re: PROC_PAGE_MONITOR
Posted:
Fri Sep 18, 2009 9:35 pm
by thinktank
hehe, cool, thanks, I'll give it a try :)