diff options
author | Roland McGrath <roland@redhat.com> | 2008-07-25 22:45:49 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-26 15:00:08 -0400 |
commit | 0d094efeb1e98010c6b99923f1eb7e17bf1e3a74 (patch) | |
tree | 6ee271b6da5796e5321d2ab6f9d7d9ba03c300a2 /fs/proc | |
parent | dae33574dcf5211e1f43c7e45fa29f73ba3e00cb (diff) |
tracehook: tracehook_tracer_task
This adds the tracehook_tracer_task() hook to consolidate all forms of
"Who is using ptrace on me?" logic. This is used for "TracerPid:" in
/proc and for permission checks. We also clean up the selinux code the
called an identical accessor.
Signed-off-by: Roland McGrath <roland@redhat.com>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Reviewed-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/proc')
-rw-r--r-- | fs/proc/array.c | 9 | ||||
-rw-r--r-- | fs/proc/base.c | 13 |
2 files changed, 16 insertions, 6 deletions
diff --git a/fs/proc/array.c b/fs/proc/array.c index 797d775e035..0d6eb33597c 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c | |||
@@ -80,6 +80,7 @@ | |||
80 | #include <linux/delayacct.h> | 80 | #include <linux/delayacct.h> |
81 | #include <linux/seq_file.h> | 81 | #include <linux/seq_file.h> |
82 | #include <linux/pid_namespace.h> | 82 | #include <linux/pid_namespace.h> |
83 | #include <linux/tracehook.h> | ||
83 | 84 | ||
84 | #include <asm/pgtable.h> | 85 | #include <asm/pgtable.h> |
85 | #include <asm/processor.h> | 86 | #include <asm/processor.h> |
@@ -168,8 +169,12 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns, | |||
168 | rcu_read_lock(); | 169 | rcu_read_lock(); |
169 | ppid = pid_alive(p) ? | 170 | ppid = pid_alive(p) ? |
170 | task_tgid_nr_ns(rcu_dereference(p->real_parent), ns) : 0; | 171 | task_tgid_nr_ns(rcu_dereference(p->real_parent), ns) : 0; |
171 | tpid = pid_alive(p) && p->ptrace ? | 172 | tpid = 0; |
172 | task_pid_nr_ns(rcu_dereference(p->parent), ns) : 0; | 173 | if (pid_alive(p)) { |
174 | struct task_struct *tracer = tracehook_tracer_task(p); | ||
175 | if (tracer) | ||
176 | tpid = task_pid_nr_ns(tracer, ns); | ||
177 | } | ||
173 | seq_printf(m, | 178 | seq_printf(m, |
174 | "State:\t%s\n" | 179 | "State:\t%s\n" |
175 | "Tgid:\t%d\n" | 180 | "Tgid:\t%d\n" |
diff --git a/fs/proc/base.c b/fs/proc/base.c index a891fe4cb43..4b74dba69a6 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c | |||
@@ -69,6 +69,7 @@ | |||
69 | #include <linux/mount.h> | 69 | #include <linux/mount.h> |
70 | #include <linux/security.h> | 70 | #include <linux/security.h> |
71 | #include <linux/ptrace.h> | 71 | #include <linux/ptrace.h> |
72 | #include <linux/tracehook.h> | ||
72 | #include <linux/cgroup.h> | 73 | #include <linux/cgroup.h> |
73 | #include <linux/cpuset.h> | 74 | #include <linux/cpuset.h> |
74 | #include <linux/audit.h> | 75 | #include <linux/audit.h> |
@@ -231,10 +232,14 @@ static int check_mem_permission(struct task_struct *task) | |||
231 | * If current is actively ptrace'ing, and would also be | 232 | * If current is actively ptrace'ing, and would also be |
232 | * permitted to freshly attach with ptrace now, permit it. | 233 | * permitted to freshly attach with ptrace now, permit it. |
233 | */ | 234 | */ |
234 | if (task->parent == current && (task->ptrace & PT_PTRACED) && | 235 | if (task_is_stopped_or_traced(task)) { |
235 | task_is_stopped_or_traced(task) && | 236 | int match; |
236 | ptrace_may_access(task, PTRACE_MODE_ATTACH)) | 237 | rcu_read_lock(); |
237 | return 0; | 238 | match = (tracehook_tracer_task(task) == current); |
239 | rcu_read_unlock(); | ||
240 | if (match && ptrace_may_access(task, PTRACE_MODE_ATTACH)) | ||
241 | return 0; | ||
242 | } | ||
238 | 243 | ||
239 | /* | 244 | /* |
240 | * Noone else is allowed. | 245 | * Noone else is allowed. |