authorEric W. Biederman <ebiederm@xmission.com>2006-06-26 03:25:45 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-06-26 12:58:24 -0400
commit68602066c3327fa340899609d715781eda423751 (patch)
treefdd1db5b08755bf2c353364b56a778f62e5009f4
parentaed7a6c476d90660ac5af860158407ae9fe61c68 (diff)
[PATCH] proc: Remove bogus proc_task_permission
First we can access every /proc/<tgid>/task/<pid> directory as /proc/<pid> so proc_task_permission is not usefully limiting visibility. Second having related filesystems information should have nothing to do with process visibility. kill does not implement any checks like that. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--fs/proc/base.c63
1 files changed, 0 insertions, 63 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 9562df760901..6080672276d5 100644
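--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -361,54 +361,6 @@ static int proc_root_link(struct inode *inode, struct dentry **dentry, struct vf
  return result;
 }
 
-
-/* Same as proc_root_link, but this addionally tries to get fs from other
- * threads in the group */
-static int proc_task_root_link(struct inode *inode, struct dentry **dentry,
- struct vfsmount **mnt)
-{
- struct fs_struct *fs;
- int result = -ENOENT;
- struct task_struct *leader = proc_task(inode);
-
- task_lock(leader);
- fs = leader->fs;
- if (fs) {
- atomic_inc(&fs->count);
- task_unlock(leader);
- } else {
- /* Try to get fs from other threads */
- task_unlock(leader);
- read_lock(&tasklist_lock);
- if (pid_alive(leader)) {
- struct task_struct *task = leader;
-
- while ((task = next_thread(task)) != leader) {
- task_lock(task);
- fs = task->fs;
- if (fs) {
- atomic_inc(&fs->count);
- task_unlock(task);
- break;
- }
- task_unlock(task);
- }
- }
- read_unlock(&tasklist_lock);
- }
-
- if (fs) {
- read_lock(&fs->lock);
- *mnt = mntget(fs->rootmnt);
- *dentry = dget(fs->root);
- read_unlock(&fs->lock);
- result = 0;
- put_fs_struct(fs);
- }
- return result;
-}
-
-
 #define MAY_PTRACE(task) \
  (task == current || \
  (task->parent == current && \
@@ -600,20 +552,6 @@ static int proc_permission(struct inode *inode, int mask, struct nameidata *nd)
  return proc_check_root(inode);
 }
 
-static int proc_task_permission(struct inode *inode, int mask, struct nameidata *nd)
-{
- struct dentry *root;
- struct vfsmount *vfsmnt;
-
- if (generic_permission(inode, mask, NULL) != 0)
- return -EACCES;
-
- if (proc_task_root_link(inode, &root, &vfsmnt))
- return -ENOENT;
-
- return proc_check_chroot(root, vfsmnt);
-}
-
 extern struct seq_operations proc_pid_maps_op;
 static int maps_open(struct inode *inode, struct file *file)
 {
@@ -1583,7 +1521,6 @@ static struct inode_operations proc_fd_inode_operations = {
 
 static struct inode_operations proc_task_inode_operations = {
  .lookup = proc_task_lookup,
- .permission = proc_task_permission,
 };
 
 #ifdef CONFIG_SECURITY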