diff options
| author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-10-09 19:27:16 -0400 |
|---|---|---|
| committer | Alexey Dobriyan <adobriyan@gmail.com> | 2008-10-09 20:24:51 -0400 |
| commit | 3bbfe0596746e1590888a6e1e6a07583265238b7 (patch) | |
| tree | 057d3d2aa8cb68eff8c944378e86ba120eff9cf4 | |
| parent | 45acb8db06bad529f0feaf89465ce33152640089 (diff) | |
proc: remove kernel.maps_protect
After commit 831830b5a2b5d413407adf380ef62fe17d6fcbf2 aka
"restrict reading from /proc/<pid>/maps to those who share ->mm or can ptrace"
sysctl stopped being relevant because commit moved security checks from ->show
time to ->start time (mm_for_maps()).
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Acked-by: Kees Cook <kees.cook@canonical.com>
| -rw-r--r-- | Documentation/filesystems/proc.txt | 7 | ||||
| -rw-r--r-- | fs/proc/base.c | 3 | ||||
| -rw-r--r-- | fs/proc/internal.h | 2 | ||||
| -rw-r--r-- | fs/proc/task_mmu.c | 16 | ||||
| -rw-r--r-- | fs/proc/task_nommu.c | 5 | ||||
| -rw-r--r-- | kernel/sysctl.c | 11 |
6 files changed, 1 insertions, 43 deletions
diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt index f566ad9bcb7b..63ed861d5ca1 100644 --- a/Documentation/filesystems/proc.txt +++ b/Documentation/filesystems/proc.txt | |||
| @@ -1332,13 +1332,6 @@ determine whether or not they are still functioning properly. | |||
| 1332 | Because the NMI watchdog shares registers with oprofile, by disabling the NMI | 1332 | Because the NMI watchdog shares registers with oprofile, by disabling the NMI |
| 1333 | watchdog, oprofile may have more registers to utilize. | 1333 | watchdog, oprofile may have more registers to utilize. |
| 1334 | 1334 | ||
| 1335 | maps_protect | ||
| 1336 | ------------ | ||
| 1337 | |||
| 1338 | Enables/Disables the protection of the per-process proc entries "maps" and | ||
| 1339 | "smaps". When enabled, the contents of these files are visible only to | ||
| 1340 | readers that are allowed to ptrace() the given process. | ||
| 1341 | |||
| 1342 | msgmni | 1335 | msgmni |
| 1343 | ------ | 1336 | ------ |
| 1344 | 1337 | ||
diff --git a/fs/proc/base.c b/fs/proc/base.c index c1332dd2575d..b5918ae8ca79 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c | |||
| @@ -148,9 +148,6 @@ static unsigned int pid_entry_count_dirs(const struct pid_entry *entries, | |||
| 148 | return count; | 148 | return count; |
| 149 | } | 149 | } |
| 150 | 150 | ||
| 151 | int maps_protect; | ||
| 152 | EXPORT_SYMBOL(maps_protect); | ||
| 153 | |||
| 154 | static struct fs_struct *get_fs_struct(struct task_struct *task) | 151 | static struct fs_struct *get_fs_struct(struct task_struct *task) |
| 155 | { | 152 | { |
| 156 | struct fs_struct *fs; | 153 | struct fs_struct *fs; |
diff --git a/fs/proc/internal.h b/fs/proc/internal.h index 442202314d53..3bfb7b8747b3 100644 --- a/fs/proc/internal.h +++ b/fs/proc/internal.h | |||
| @@ -45,8 +45,6 @@ do { \ | |||
| 45 | extern int nommu_vma_show(struct seq_file *, struct vm_area_struct *); | 45 | extern int nommu_vma_show(struct seq_file *, struct vm_area_struct *); |
| 46 | #endif | 46 | #endif |
| 47 | 47 | ||
| 48 | extern int maps_protect; | ||
| 49 | |||
| 50 | extern int proc_tid_stat(struct seq_file *m, struct pid_namespace *ns, | 48 | extern int proc_tid_stat(struct seq_file *m, struct pid_namespace *ns, |
| 51 | struct pid *pid, struct task_struct *task); | 49 | struct pid *pid, struct task_struct *task); |
| 52 | extern int proc_tgid_stat(struct seq_file *m, struct pid_namespace *ns, | 50 | extern int proc_tgid_stat(struct seq_file *m, struct pid_namespace *ns, |
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 73d1891ee625..4806830ea2a1 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c | |||
| @@ -210,9 +210,6 @@ static int show_map(struct seq_file *m, void *v) | |||
| 210 | dev_t dev = 0; | 210 | dev_t dev = 0; |
| 211 | int len; | 211 | int len; |
| 212 | 212 | ||
| 213 | if (maps_protect && !ptrace_may_access(task, PTRACE_MODE_READ)) | ||
| 214 | return -EACCES; | ||
| 215 | |||
| 216 | if (file) { | 213 | if (file) { |
| 217 | struct inode *inode = vma->vm_file->f_path.dentry->d_inode; | 214 | struct inode *inode = vma->vm_file->f_path.dentry->d_inode; |
| 218 | dev = inode->i_sb->s_dev; | 215 | dev = inode->i_sb->s_dev; |
| @@ -742,22 +739,11 @@ const struct file_operations proc_pagemap_operations = { | |||
| 742 | #ifdef CONFIG_NUMA | 739 | #ifdef CONFIG_NUMA |
| 743 | extern int show_numa_map(struct seq_file *m, void *v); | 740 | extern int show_numa_map(struct seq_file *m, void *v); |
| 744 | 741 | ||
| 745 | static int show_numa_map_checked(struct seq_file *m, void *v) | ||
| 746 | { | ||
| 747 | struct proc_maps_private *priv = m->private; | ||
| 748 | struct task_struct *task = priv->task; | ||
| 749 | |||
| 750 | if (maps_protect && !ptrace_may_access(task, PTRACE_MODE_READ)) | ||
| 751 | return -EACCES; | ||
| 752 | |||
| 753 | return show_numa_map(m, v); | ||
| 754 | } | ||
| 755 | |||
| 756 | static const struct seq_operations proc_pid_numa_maps_op = { | 742 | static const struct seq_operations proc_pid_numa_maps_op = { |
| 757 | .start = m_start, | 743 | .start = m_start, |
| 758 | .next = m_next, | 744 | .next = m_next, |
| 759 | .stop = m_stop, | 745 | .stop = m_stop, |
| 760 | .show = show_numa_map_checked | 746 | .show = show_numa_map, |
| 761 | }; | 747 | }; |
| 762 | 748 | ||
| 763 | static int numa_maps_open(struct inode *inode, struct file *file) | 749 | static int numa_maps_open(struct inode *inode, struct file *file) |
diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c index 5d84e7121df8..219bd79ea894 100644 --- a/fs/proc/task_nommu.c +++ b/fs/proc/task_nommu.c | |||
| @@ -110,11 +110,6 @@ int task_statm(struct mm_struct *mm, int *shared, int *text, | |||
| 110 | static int show_map(struct seq_file *m, void *_vml) | 110 | static int show_map(struct seq_file *m, void *_vml) |
| 111 | { | 111 | { |
| 112 | struct vm_list_struct *vml = _vml; | 112 | struct vm_list_struct *vml = _vml; |
| 113 | struct proc_maps_private *priv = m->private; | ||
| 114 | struct task_struct *task = priv->task; | ||
| 115 | |||
| 116 | if (maps_protect && !ptrace_may_access(task, PTRACE_MODE_READ)) | ||
| 117 | return -EACCES; | ||
| 118 | 113 | ||
| 119 | return nommu_vma_show(m, vml->vma); | 114 | return nommu_vma_show(m, vml->vma); |
| 120 | } | 115 | } |
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 50ec0886fa3d..cc3e0d7a5acf 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c | |||
| @@ -80,7 +80,6 @@ extern int pid_max_min, pid_max_max; | |||
| 80 | extern int sysctl_drop_caches; | 80 | extern int sysctl_drop_caches; |
| 81 | extern int percpu_pagelist_fraction; | 81 | extern int percpu_pagelist_fraction; |
| 82 | extern int compat_log; | 82 | extern int compat_log; |
| 83 | extern int maps_protect; | ||
| 84 | extern int latencytop_enabled; | 83 | extern int latencytop_enabled; |
| 85 | extern int sysctl_nr_open_min, sysctl_nr_open_max; | 84 | extern int sysctl_nr_open_min, sysctl_nr_open_max; |
| 86 | #ifdef CONFIG_RCU_TORTURE_TEST | 85 | #ifdef CONFIG_RCU_TORTURE_TEST |
| @@ -810,16 +809,6 @@ static struct ctl_table kern_table[] = { | |||
| 810 | .proc_handler = &proc_dointvec, | 809 | .proc_handler = &proc_dointvec, |
| 811 | }, | 810 | }, |
| 812 | #endif | 811 | #endif |
| 813 | #ifdef CONFIG_PROC_FS | ||
| 814 | { | ||
| 815 | .ctl_name = CTL_UNNUMBERED, | ||
| 816 | .procname = "maps_protect", | ||
| 817 | .data = &maps_protect, | ||
| 818 | .maxlen = sizeof(int), | ||
| 819 | .mode = 0644, | ||
| 820 | .proc_handler = &proc_dointvec, | ||
| 821 | }, | ||
| 822 | #endif | ||
| 823 | { | 812 | { |
| 824 | .ctl_name = CTL_UNNUMBERED, | 813 | .ctl_name = CTL_UNNUMBERED, |
| 825 | .procname = "poweroff_cmd", | 814 | .procname = "poweroff_cmd", |