Description of problem: From Kees Cook: Steve Beattie and I noticed that the /proc/$pid/maps and smaps files are readable during ELF loading for processes that a user should not normally be able to see (for example, when launching a setuid process).
Upstream commits: http://git.kernel.org/linus/13f0feafa6b8aead57a2a328e2fca6a5828bf286 http://git.kernel.org/linus/00f89d218523b9bf6b522349c039d5ac80aa536d http://git.kernel.org/linus/704b836cbf19e885f8366bccb2e4b0474346c02d References: http://lkml.org/lkml/2009/6/23/652 http://lkml.org/lkml/2009/6/23/653 http://marc.info/?l=linux-kernel&m=124718946021193 http://marc.info/?l=linux-kernel&m=124718949821250 http://article.gmane.org/gmane.comp.security.oss.general/1985
[jkacur@tycho rt.linux.git]$ git describe --contains 13f0feafa6b8aead57a2a328e2fca6a5828bf286 v2.6.31-rc6~23^2~2 [jkacur@tycho rt.linux.git]$ git describe --contains 00f89d218523b9bf6b522349c039d5ac80aa536d v2.6.31-rc6~23^2~1 [jkacur@tycho rt.linux.git]$ git describe --contains 704b836cbf19e885f8366bccb2e4b0474346c02d v2.6.31-rc6~23^2 The current MRG V2 kernel is currently based on 2.6.31-rc6 which contains all of the relevant commits.
kernel-2.6.29.6-217.2.16.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/kernel-2.6.29.6-217.2.16.fc11
kernel-2.6.29.6-217.2.16.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: MRG for RHEL-5 Via RHSA-2009:1540 https://rhn.redhat.com/errata/RHSA-2009-1540.html