Re: [RFC PATCH 3/3a] ptrace: add _ptrace_may_access()

From: Ingo Molnar
Date: Thu May 07 2009 - 05:35:02 EST

Next message: Michael S. Tsirkin: "Re: [PATCH] msi-x: let drivers retry when not enough vectors"
Previous message: Ingo Molnar: "Re: [patch] security: rename ptrace_may_access =>ptrace_access_check"
In reply to: Casey Schaufler: "Re: your mail"
Next in thread: Ingo Molnar: "[patch 1/2] ptrace, security: rename ptrace_may_access =>ptrace_access_check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Ingo Molnar <mingo@xxxxxxx> wrote:

> The design around that code does not seem to be very consistent.
>
> One solution would be for the default "plain Linux" security
> module to have a stock ->ptrace_access_check() that does the
> current ptrace_may_access() check, and then procfs could be
> updated to use that callback - instead of calling into the ptrace
> core code directly.

hm, that's not a good idea, as we'd have an unnecessary indirect
call even in the common case where the higher-level ptrace checks
deny a request via -EPERM early on already.

So it's all designed fine and what we need is the rename plus the
elimination of the bool.

Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Michael S. Tsirkin: "Re: [PATCH] msi-x: let drivers retry when not enough vectors"
Previous message: Ingo Molnar: "Re: [patch] security: rename ptrace_may_access =>ptrace_access_check"
In reply to: Casey Schaufler: "Re: your mail"
Next in thread: Ingo Molnar: "[patch 1/2] ptrace, security: rename ptrace_may_access =>ptrace_access_check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]