Re: [RFC PATCH 3/3a] ptrace: add _ptrace_may_access()
From: Ingo Molnar
Date: Thu May 07 2009 - 04:40:45 EST
* Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
> On 05/07, Ingo Molnar wrote:
> >
> > * Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
> >
> > > /* the callers of ptrace_may_access should be fixed */
> > >
> > > int ptrace_may_access(struct task_struct *task, unsigned int mode)
> >
> > Sigh, NAK, for the reasons explained in the previous mails.
>
> Agreed, but what about security_operations->ptrace_may_access ?
>
> It has the same (bad) name, but returns the error code or 0 on
> success.
Bad code should generally be fixed, or in exceptional circumstances
it can tolerated if it's pre-existing bad code, but it should never
be propagated. It has not spread _that_ widely yet, and is isolated
to the security subsystem:
include/linux/security.h
security/capability.c
security/commoncap.c
security/root_plug.c
security/security.c
security/selinux/hooks.c
security/smack/smack_lsm.c
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/