author | Eric W. Biederman <ebiederm@xmission.com> | 2006-06-26 03:25:45 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-06-26 12:58:24 -0400 |
commit | 68602066c3327fa340899609d715781eda423751 (patch) | |
tree | fdd1db5b08755bf2c353364b56a778f62e5009f4 /fs/proc/base.c | |
parent | aed7a6c476d90660ac5af860158407ae9fe61c68 (diff) |
[PATCH] proc: Remove bogus proc_task_permission
First, we can access every /proc/<tgid>/task/<pid> directory as /proc/<pid>, so
proc_task_permission is not usefully limiting visibility.
Second, having related filesystem information should have nothing to do with
process visibility. kill does not implement any checks like that.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs/proc/base.c')
-rw-r--r-- | fs/proc/base.c | 63 |
1 files changed, 0 insertions, 63 deletions
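diff --git a/fs/proc/base.c b/fs/proc/base.c
index 9562df760901..6080672276d5 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -361,54 +361,6 @@ static int proc_root_link(struct inode *inode, struct dentry **dentry, struct vf
 return result;
 }
 
-
-/* Same as proc_root_link, but this addionally tries to get fs from other
-* threads in the group */
-static int proc_task_root_link(struct inode *inode, struct dentry **dentry,
-struct vfsmount **mnt)
-{
-struct fs_struct *fs;
-int result = -ENOENT;
-struct task_struct *leader = proc_task(inode);
-
-task_lock(leader);
-fs = leader->fs;
-if (fs) {
-atomic_inc(&fs->count);
-task_unlock(leader);
-} else {
-/* Try to get fs from other threads */
-task_unlock(leader);
-read_lock(&tasklist_lock);
-if (pid_alive(leader)) {
-struct task_struct *task = leader;
-
-while ((task = next_thread(task)) != leader) {
-task_lock(task);
-fs = task->fs;
-if (fs) {
-atomic_inc(&fs->count);
-task_unlock(task);
-break;
-}
-task_unlock(task);
-}
-}
-read_unlock(&tasklist_lock);
-}
-
-if (fs) {
-read_lock(&fs->lock);
-*mnt = mntget(fs->rootmnt);
-*dentry = dget(fs->root);
-read_unlock(&fs->lock);
-result = 0;
-put_fs_struct(fs);
-}
-return result;
-}
-
-
 #define MAY_PTRACE(task) \
 (task == current || \
 (task->parent == current && \
@@ -600,20 +552,6 @@ static int proc_permission(struct inode *inode, int mask, struct nameidata *nd)
 return proc_check_root(inode);
 }
 
-static int proc_task_permission(struct inode *inode, int mask, struct nameidata *nd)
-{
-struct dentry *root;
-struct vfsmount *vfsmnt;
-
-if (generic_permission(inode, mask, NULL) != 0)
-return -EACCES;
-
-if (proc_task_root_link(inode, &root, &vfsmnt))
-return -ENOENT;
-
-return proc_check_chroot(root, vfsmnt);
-}
-
 extern struct seq_operations proc_pid_maps_op;
 static int maps_open(struct inode *inode, struct file *file)
 {
@@ -1583,7 +1521,6 @@ static struct inode_operations proc_fd_inode_operations = {
 
 static struct inode_operations proc_task_inode_operations = {
 .lookup = proc_task_lookup,
-.permission = proc_task_permission,
 };
 
 #ifdef CONFIG_SECURITY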