summaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2006-06-26 00:25:59 -0700
committerLinus Torvalds <torvalds@g5.osdl.org>2006-06-26 09:58:26 -0700
commitdf26c40e567356caeefe2861311e19c54444d917 (patch)
tree415527677e85e8b612b916f6fda1645a6207d8e2 /fs
parent778c1144771f0064b6f51bee865cceb0d996f2f9 (diff)
[PATCH] proc: Cleanup proc_fd_access_allowed
In process of getting proc_fd_access_allowed to work it has developed a few warts. In particular the special case that always allows introspection and the special case to allow inspection of kernel threads. The special case for introspection is needed for /proc/self/mem. The special case for kernel threads really should be overridable by security modules. So consolidate these checks into ptrace.c:may_attach(). The check to always allow introspection is trivial. The check to allow access to kernel threads, and zombies is a little trickier. mem_read and mem_write already verify an mm exists so it isn't needed twice. proc_fd_access_allowed only doesn't want a check to verify task->mm exits, s it prevents all access to kernel threads. So just move the task->mm check into ptrace_attach where it is needed for practical reasons. I did a quick audit and none of the security modules in the kernel seem to care if they are passed a task without an mm into security_ptrace. So the above move should be safe and it allows security modules to come up with more restrictive policy. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Chris Wright <chrisw@sous-sol.org> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/proc/base.c26
1 files changed, 6 insertions, 20 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index f38da6bda26..773469703c6 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -536,29 +536,15 @@ static int proc_fd_access_allowed(struct inode *inode)
{
struct task_struct *task;
int allowed = 0;
- /* Allow access to a task's file descriptors if either we may
- * use ptrace attach to the process and find out that
- * information, or if the task cannot possibly be ptraced
- * allow access if we have the proper capability.
+ /* Allow access to a task's file descriptors if it is us or we
+ * may use ptrace attach to the process and find out that
+ * information.
*/
task = get_proc_task(inode);
- if (task == current)
- allowed = 1;
- if (task && !allowed) {
- int alive;
-
- task_lock(task);
- alive = !!task->mm;
- task_unlock(task);
- if (alive)
- /* For a living task obey ptrace_may_attach */
- allowed = ptrace_may_attach(task);
- else
- /* For a special task simply check the capability */
- allowed = capable(CAP_SYS_PTRACE);
- }
- if (task)
+ if (task) {
+ allowed = ptrace_may_attach(task);
put_task_struct(task);
+ }
return allowed;
}