From 59bfbed2e2252a5a625d1cba81ef569434e85418 Mon Sep 17 00:00:00 2001 From: Andreas Kling Date: Fri, 10 Jan 2020 07:02:17 +0100 Subject: [PATCH] ProcFS: Don't expose kernel-only regions to users via /proc/PID/vm The superuser is still allowed to see them, but kernel-only VM regions are now excluded from /proc/PID/vm. --- Kernel/FileSystem/ProcFS.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Kernel/FileSystem/ProcFS.cpp b/Kernel/FileSystem/ProcFS.cpp index 900fd69f26..ef4eeb0717 100644 --- a/Kernel/FileSystem/ProcFS.cpp +++ b/Kernel/FileSystem/ProcFS.cpp @@ -260,6 +260,8 @@ Optional procfs$pid_vm(InodeIdentifier identifier) KBufferBuilder builder; JsonArraySerializer array { builder }; for (auto& region : process.regions()) { + if (!region.is_user_accessible() && !current->process().is_superuser()) + continue; auto region_object = array.add_object(); region_object.add("readable", region.is_readable()); region_object.add("writable", region.is_writable());