Re: Some patches for ppp_generic.c and proc/base.c
From: Alexey Dobriyan
Date: Thu May 19 2011 - 07:28:19 EST
2011/5/19 <samsonov@xxxxxxxxx>:
> I mean that /proc file permission for process information must be
> secure:
And how exactly does adding the -w------- bit help this?
> --- ./linux-2.6.33.4.orig/fs/proc/base.c
> +++ ./linux-2.6.33.4/fs/proc/base.c
2.6.39 was released today.
Never, ever mix several patches in one email.
> @@ -2570,11 +2570,11 @@
> static const struct inode_operations proc_task_inode_operations;
>
> static const struct pid_entry tgid_base_stuff[] = {
> - DIR("task", S_IRUGO|S_IXUGO, proc_task_inode_operations, proc_task_operations),
> - DIR("fd", S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
> - DIR("fdinfo", S_IRUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
> + DIR("task", S_IWUSR|S_IRUGO|S_IXUGO, proc_task_inode_operations, proc_task_operations),
> + DIR("fd", S_IWUSR|S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
> + DIR("fdinfo", S_IRUSR|S_IWUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
> #ifdef CONFIG_NET
> - DIR("net", S_IRUGO|S_IXUGO, proc_net_inode_operations, proc_net_operations),
> + DIR("net", S_IRUGO|S_IWUSR|S_IXUGO, proc_net_inode_operations, proc_net_operations),
> #endif
> REG("environ", S_IRUSR, proc_environ_operations),
> INF("auxv", S_IRUSR, proc_pid_auxv),
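Review bot: The added owner-write bit is spelled in three different orders within this one table (`S_IWUSR|S_IRUGO|S_IXUGO` for "task", `S_IWUSR|S_IRUSR|S_IXUSR` for "fd", `S_IRUSR|S_IWUSR|S_IXUSR` for "fdinfo"), which makes it hard to audit what each entry grants. Use one order throughout, or `S_IRWXU` for the owner-only entries, e.g. `DIR("fd", S_IRWXU, proc_fd_inode_operations, proc_fd_operations),`. Since "task" and "net" keep `S_IRUGO|S_IXUGO`, a short comment above the table saying which entries are meant to be owner-only would let a reader check the table against that intent. The same applies to the two "attr" hunks and the tid_base_stuff hunk further down; the table itself starts and ends outside this hunk.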
> @@ -2608,7 +2608,7 @@
> REG("pagemap", S_IRUSR, proc_pagemap_operations),
> #endif
> #ifdef CONFIG_SECURITY
> - DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
> + DIR("attr", S_IRUGO|S_IWUSR|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
> #endif
> #ifdef CONFIG_KALLSYMS
> INF("wchan", S_IRUGO, proc_pid_wchan),
> @@ -2767,7 +2767,7 @@
> if (!inode)
> goto out;
>
> - inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
> + inode->i_mode = S_IFDIR|S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP;
> inode->i_op = &proc_tgid_base_inode_operations;
> inode->i_fop = &proc_tgid_base_operations;
> inode->i_flags|=S_IMMUTABLE;
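Review bot: Dropping the read/search bits for "other" on the per-process directory at `inode->i_mode = S_IFDIR|S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP;` is unconditional, so any unprivileged monitoring tool that reads another user's per-process entries loses access with no opt-out; a restriction like this is normally made selectable by the administrator rather than hard-coded. It is also the only line in the patch that narrows anything: entries such as `ONE("status", S_IRUGO, proc_pid_status)` and `INF("wchan", S_IRUGO, proc_pid_wchan)` stay world-readable, so the protection rests entirely on this directory's search check and, presumably, on whichever group the inode is assigned, which is not visible in this hunk. If the mode is kept, `S_IFDIR|S_IRWXU|S_IRGRP|S_IXGRP` reads more clearly, and a comment should state why group access is retained. The last hunk (the one assigning `proc_tid_base_inode_operations`) makes the same change and raises the same concerns; the enclosing function starts and ends outside the hunk.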
> @@ -2909,8 +2909,8 @@
> * Tasks
> */
> static const struct pid_entry tid_base_stuff[] = {
> - DIR("fd", S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
> - DIR("fdinfo", S_IRUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
> + DIR("fd", S_IRUSR|S_IWUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
> + DIR("fdinfo", S_IRUSR|S_IWUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
> REG("environ", S_IRUSR, proc_environ_operations),
> INF("auxv", S_IRUSR, proc_pid_auxv),
> ONE("status", S_IRUGO, proc_pid_status),
> @@ -2942,7 +2942,7 @@
> REG("pagemap", S_IRUSR, proc_pagemap_operations),
> #endif
> #ifdef CONFIG_SECURITY
> - DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
> + DIR("attr", S_IRUGO|S_IWUSR|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
> #endif
> #ifdef CONFIG_KALLSYMS
> INF("wchan", S_IRUGO, proc_pid_wchan),
> @@ -3008,7 +3008,7 @@
>
> if (!inode)
> goto out;
> - inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
> + inode->i_mode = S_IFDIR|S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP;
> inode->i_op = &proc_tid_base_inode_operations;
> inode->i_fop = &proc_tid_base_operations;
> inode->i_flags|=S_IMMUTABLE;