From 4568d86c388193fa7119f893b5e24780ef2f8ebe Mon Sep 17 00:00:00 2001 From: Peter Teoh Date: Fri, 11 Sep 2020 22:01:14 +0800 Subject: [PATCH] Update proc.5 Since 2011, /proc/pid/mem interface is possible to be written via write(2) syscall: https://lwn.net/Articles/432347/ https://lwn.net/Articles/433326/ An example where this feature is used is in the Google CTF 2020 "WriteOnly" challenge. --- man5/proc.5 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/man5/proc.5 b/man5/proc.5 index 5e52b038c..ba890d555 100644 --- a/man5/proc.5 +++ b/man5/proc.5 @@ -1399,9 +1399,12 @@ Under Linux 2.0, there is no field giving pathname. This file can be used to access the pages of a process's memory through .BR open (2), .BR read (2), +.BR write(2), and .BR lseek (2). .IP +Permission to use the write(2) syscall is allowed only if the caller of write(2) is the parent process of the [pid] to be written. +.IP Permission to access this file is governed by a ptrace access mode .B PTRACE_MODE_ATTACH_FSCREDS check; see
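Review bot: The new paragraph's rule that write(2) is permitted "only if the caller of write(2) is the parent process of the [pid] to be written" sits directly above the existing paragraph, which says access to this file is governed by a ptrace access mode PTRACE_MODE_ATTACH_FSCREDS check. The page would then state two different permission rules without saying how they relate. The LWN links in the commit message are cited only for the file being writable, not for a parent-only restriction. Either drop the new paragraph and let the existing ptrace access mode paragraph cover writes as well as reads, or express the write condition in terms of that check and cite where it comes from. On markup, `.BR write(2),` is missing the space that the neighbouring `.BR open (2),` and `.BR read (2),` lines have, so it should be `.BR write (2),`. The inline "write(2)" references in the new paragraph need the same `.BR write (2)` form on their own source lines. The bracketed "[pid]" is ad hoc notation, and the paragraph should be split across several source lines instead of one long line.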