Date: Thu, 30 Jun 2011 00:17:18 +0400
From: Vasiliy Kulikov
To: Balbir Singh
Cc: linux-kernel@vger.kernel.org, Balbir Singh, Andrew Morton, Al Viro, David Rientjes, Stephen Wilson, KOSAKI Motohiro, security@kernel.org, Eric Paris, Solar Designer
Subject: Re: [PATCH 2/2] taskstats: restrict access to user
Message-ID: <20110629201718.GA11071@albatros>
References: <1308917362-4795-1-git-send-email-segoon@openwall.com>

On Wed, Jun 29, 2011 at 06:57 +0530, Balbir Singh wrote:
> On Fri, Jun 24, 2011 at 5:39 PM, Vasiliy Kulikov wrote:
> > + ? ? ? ? ? ? ? task = find_task_by_vpid(s->pid); > > + ? ? ? ? ? ? ? if (!task || __task_cred(task)->euid != cred->euid) {

If this patch is considered for inclusion, it also needs some check for the listener root ability. __task_cred(task)->euid == 0 or something like that. But ptrace_task_may_access_current() is better.

> > + ? ? ? ? ? ? ? ? ? ? ? rcu_read_unlock(); > > + ? ? ? ? ? ? ? ? ? ? ? continue; > > + ? ? ? ? ? ? ? } > > + ? ? ? ? ? ? ? rcu_read_unlock(); > > +
>
> Release the lock prior to up_read()
>
> > ? ? ? ? ? ? ? ?skb_next = NULL; > > ? ? ? ? ? ? ? ?if (!list_is_last(&s->list, &listeners->list)) { > > ? ? ? ? ? ? ? ? ? ? ? ?skb_next = skb_clone(skb_cur, GFP_KERNEL);
> > @@ -199,14 +211,19 @@ static void fill_stats(struct task_struct *tsk, struct taskstats *stats) > > ?static int fill_stats_for_pid(pid_t pid, struct taskstats *stats) > > ?{ > > ? ? ? ?struct task_struct *tsk; > > + ? ? ? int rc = -ESRCH; > > > > ? ? ? ?rcu_read_lock(); > > ? ? ? ?tsk = find_task_by_vpid(pid); > > + ? ? ? if (tsk && !ptrace_may_access(tsk, PTRACE_MODE_READ)) { > > + ? ? ? ? ? ? ? tsk = NULL; > > + ? ? ? ? ? ? ? rc = -EACCES; > > + ? ? ? } > > ? ? ? ?if (tsk) > > ? ? ? ? ? ? ? ?get_task_struct(tsk); > > ? ? ? ?rcu_read_unlock(); > > ? ? ? ?if (!tsk) > > - ? ? ? ? ? ? ? return -ESRCH; > > + ? ? ? ? ? ? ? return rc; > > ? ? ? ?fill_stats(tsk, stats); > > ? ? ? ?put_task_struct(tsk); > > ? ? ? ?return 0; > > @@ -224,6 +241,10 @@ static int fill_stats_for_tgid(pid_t tgid, struct taskstats *stats) > > ? ? ? ? */ > > ? ? ? ?rcu_read_lock(); > > ? ? ? ?first = find_task_by_vpid(tgid); > > + ? ? ? if (first && !ptrace_may_access(first, PTRACE_MODE_READ)) { > > + ? ? ? ? ? ? ? rc = -EACCES; > > + ? ? ? ? ? ? ? goto out; > > + ? ? ? } > > > > ? ? ? ?if (!first || !lock_task_sighand(first, &flags)) > > ? ? ? ? ? ? ? ?goto out;
>
> Balbir Singh

--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
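
Review bot: in the listener loop hunk, find_task_by_vpid(s->pid) re-derives the listener's identity from a stored pid on every send, so the euid comparison is made against whatever task holds that pid at that moment; if the listener has exited and the pid has been reused, the check is applied to an unrelated task. Consider recording the listener's credentials when it registers and comparing against those instead. The strict != on euid also leaves no path for a privileged listener, which the reply in this thread already points out.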
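
Review bot: in the fill_stats_for_pid() hunk, returning -EACCES when ptrace_may_access() fails while keeping -ESRCH for a missing task lets an unprivileged caller tell an existing pid from an absent one. If that distinction is intended, state it in the commit message; otherwise return -ESRCH in both cases. A one-line comment explaining that tsk is set to NULL to reuse the existing "if (!tsk)" exit would also help the next reader.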
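
Review bot: in the fill_stats_for_tgid() hunk, the ptrace_may_access() check duplicates the one added to fill_stats_for_pid() and is applied to first only. Consider a small shared helper that performs the lookup and the access check under rcu_read_lock(), with a comment stating that access to the task found for tgid is taken to cover everything this function reports.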