Re: [PATCH 2.6.12.3] Deny chmod in /proc/<pid>/

[Johan Veenhuizen]

Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx> wrote:
>
> >Did you mean "chmod"?
>
> No, I really meant chown - which just turned up another should-not-be:
> no warning is generated when trying to chown;
> chmod is even _persistent_ - for the moment.
>

Did you even bother to read my first mail?  Quoting myself:

    "The patch does also trigger an EPERM when someone tries
    to chown/chgrp an entry (which is currently silently ignored)."
                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

and

    "... it is currently possible for the owner of a process to
    temporarily chmod the entries."

Those are the problems that my patch fixes!  And NO, chmod is NOT
persistent.  It just appears to be.  The permissions are dropped
when the dentry for a file is released (and with it, the reference
to the temporary inode).  (You might have understood this.
I don't know what you mean by "for the moment".)

It's a very Bad Thing that the chmod succeeds for a while, because
it gives users the impression that the files can be protected
(e.g. /proc/<pid>/cmdline).  As it is now, you'll have to look
at the kernel source to figure out which files will preserve
their permissions...

> >And I don't even have "smaps".
>
> Just take any file.

Not any file exists under /proc, so I'll rather take a file that
is there for my examples.

	Johan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/