Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262919AbTHUWSf (ORCPT ); Thu, 21 Aug 2003 18:18:35 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262942AbTHUWSf (ORCPT ); Thu, 21 Aug 2003 18:18:35 -0400 Received: from facesaver.epoch.ncsc.mil ([144.51.25.10]:9155 "EHLO epoch.ncsc.mil") by vger.kernel.org with ESMTP id S262919AbTHUWSb (ORCPT ); Thu, 21 Aug 2003 18:18:31 -0400 Subject: Re: [PATCH] Call security hook from pid*_revalidate From: Stephen Smalley To: OGAWA Hirofumi Cc: Andrew Morton , James Morris , Chris Wright , lkml In-Reply-To: <1061501984.25855.110.camel@moss-spartans.epoch.ncsc.mil> References: <20030819013834.1fa487dc.akpm@osdl.org> <1061327958.28439.62.camel@moss-spartans.epoch.ncsc.mil> <20030819142234.64433bad.akpm@osdl.org> <87wud8pecx.fsf@devron.myhome.or.jp> <1061498191.25855.77.camel@moss-spartans.epoch.ncsc.mil> <1061501984.25855.110.camel@moss-spartans.epoch.ncsc.mil> Content-Type: text/plain Organization: National Security Agency Message-Id: <1061504298.25855.125.camel@moss-spartans.epoch.ncsc.mil> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.2 (1.2.2-5) Date: 21 Aug 2003 18:18:18 -0400 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2251 Lines: 70 Third version of the same patch against 2.6.0-test3-mm3, this time using proc_type rather than directly extracting the type from the inode number. diff -X /home/sds/dontdiff -ru linux-2.6.0-test3-mm3/fs/proc/base.c linux-2.6.0-test3-mm3-sds/fs/proc/base.c --- linux-2.6.0-test3-mm3/fs/proc/base.c 2003-08-21 16:24:17.000000000 -0400 +++ linux-2.6.0-test3-mm3-sds/fs/proc/base.c 2003-08-21 17:46:41.000000000 -0400 @@ -870,11 +870,17 @@ */ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd) { - if (pid_alive(proc_task(dentry->d_inode))) { - struct task_struct *task = proc_task(dentry->d_inode); - - dentry->d_inode->i_uid = task->euid; - dentry->d_inode->i_gid = task->egid; + struct inode *inode = dentry->d_inode; + struct task_struct *task = proc_task(inode); + if (pid_alive(task)) { + if (proc_type(inode) == PROC_PID_INO || task_dumpable(task)) { + inode->i_uid = task->euid; + inode->i_gid = task->egid; + } else { + inode->i_uid = 0; + inode->i_gid = 0; + } + security_task_to_inode(task, inode); return 1; } d_drop(dentry); @@ -883,8 +889,9 @@ static int pid_fd_revalidate(struct dentry *dentry, struct nameidata *nd) { - struct task_struct *task = proc_task(dentry->d_inode); - int fd = proc_type(dentry->d_inode) - PROC_PID_FD_DIR; + struct inode *inode = dentry->d_inode; + struct task_struct *task = proc_task(inode); + int fd = proc_type(inode) - PROC_PID_FD_DIR; struct files_struct *files; task_lock(task); @@ -897,8 +904,14 @@ if (fcheck_files(files, fd)) { spin_unlock(&files->file_lock); put_files_struct(files); - dentry->d_inode->i_uid = task->euid; - dentry->d_inode->i_gid = task->egid; + if (task_dumpable(task)) { + inode->i_uid = task->euid; + inode->i_gid = task->egid; + } else { + inode->i_uid = 0; + inode->i_gid = 0; + } + security_task_to_inode(task, inode); return 1; } spin_unlock(&files->file_lock); -- Stephen Smalley National Security Agency - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/