Re: [PATCH v2 0/9] procfs: protect /proc/<pid>/* files withfile->f_cred

From: Ingo Molnar
Date: Thu Oct 03 2013 - 09:39:50 EST



* Djalal Harouni <tixxdz@xxxxxxxxxx> wrote:

> On Thu, Oct 03, 2013 at 08:22:56AM +0200, Ingo Molnar wrote:
> >
> > * Djalal Harouni <tixxdz@xxxxxxxxxx> wrote:
> >
> > > * You can't do it for /proc/*/stat otherwise you will break userspace
> > > "ps"..., ps must access /proc/1/stat etc... so the proposed solution
> > > will work without any side effect.
> >
> > The thing is, returning -EINVAL is not the only way to reject access to
> > privileged information!
>
> > In the /proc/1/stat case a compatibility quirk can solve the problem:
> > create a special 'dummy' process inode for invalid accesses and give
> > it to ps, with all fields present but zero.
>
> Hmm, we already return zero for the fields that must be protected.
> Already done.
>
> Not all fields need to be zero ? If so, yes it could be done as you
> propose and avoid the 'if permitted' test each time... but we don't want
> to do it

Indeed some fields need to be available, for utilities like 'top' to work.

Thanks,

Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/