diff options
| author | Roland McGrath <roland@redhat.com> | 2008-07-25 22:45:49 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-26 15:00:08 -0400 |
| commit | 0d094efeb1e98010c6b99923f1eb7e17bf1e3a74 (patch) | |
| tree | 6ee271b6da5796e5321d2ab6f9d7d9ba03c300a2 /fs/proc | |
| parent | dae33574dcf5211e1f43c7e45fa29f73ba3e00cb (diff) | |
tracehook: tracehook_tracer_task
This adds the tracehook_tracer_task() hook to consolidate all forms of
"Who is using ptrace on me?" logic. This is used for "TracerPid:" in
/proc and for permission checks. We also clean up the selinux code the
called an identical accessor.
Signed-off-by: Roland McGrath <roland@redhat.com>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Reviewed-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/proc')
| -rw-r--r-- | fs/proc/array.c | 9 | ||||
| -rw-r--r-- | fs/proc/base.c | 13 |
2 files changed, 16 insertions, 6 deletions
diff --git a/fs/proc/array.c b/fs/proc/array.c index 797d775e0354..0d6eb33597c6 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c | |||
| @@ -80,6 +80,7 @@ | |||
| 80 | #include <linux/delayacct.h> | 80 | #include <linux/delayacct.h> |
| 81 | #include <linux/seq_file.h> | 81 | #include <linux/seq_file.h> |
| 82 | #include <linux/pid_namespace.h> | 82 | #include <linux/pid_namespace.h> |
| 83 | #include <linux/tracehook.h> | ||
| 83 | 84 | ||
| 84 | #include <asm/pgtable.h> | 85 | #include <asm/pgtable.h> |
| 85 | #include <asm/processor.h> | 86 | #include <asm/processor.h> |
| @@ -168,8 +169,12 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns, | |||
| 168 | rcu_read_lock(); | 169 | rcu_read_lock(); |
| 169 | ppid = pid_alive(p) ? | 170 | ppid = pid_alive(p) ? |
| 170 | task_tgid_nr_ns(rcu_dereference(p->real_parent), ns) : 0; | 171 | task_tgid_nr_ns(rcu_dereference(p->real_parent), ns) : 0; |
| 171 | tpid = pid_alive(p) && p->ptrace ? | 172 | tpid = 0; |
| 172 | task_pid_nr_ns(rcu_dereference(p->parent), ns) : 0; | 173 | if (pid_alive(p)) { |
| 174 | struct task_struct *tracer = tracehook_tracer_task(p); | ||
| 175 | if (tracer) | ||
| 176 | tpid = task_pid_nr_ns(tracer, ns); | ||
| 177 | } | ||
| 173 | seq_printf(m, | 178 | seq_printf(m, |
| 174 | "State:\t%s\n" | 179 | "State:\t%s\n" |
| 175 | "Tgid:\t%d\n" | 180 | "Tgid:\t%d\n" |
diff --git a/fs/proc/base.c b/fs/proc/base.c index a891fe4cb43b..4b74dba69a6d 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c | |||
| @@ -69,6 +69,7 @@ | |||
| 69 | #include <linux/mount.h> | 69 | #include <linux/mount.h> |
| 70 | #include <linux/security.h> | 70 | #include <linux/security.h> |
| 71 | #include <linux/ptrace.h> | 71 | #include <linux/ptrace.h> |
| 72 | #include <linux/tracehook.h> | ||
| 72 | #include <linux/cgroup.h> | 73 | #include <linux/cgroup.h> |
| 73 | #include <linux/cpuset.h> | 74 | #include <linux/cpuset.h> |
| 74 | #include <linux/audit.h> | 75 | #include <linux/audit.h> |
| @@ -231,10 +232,14 @@ static int check_mem_permission(struct task_struct *task) | |||
| 231 | * If current is actively ptrace'ing, and would also be | 232 | * If current is actively ptrace'ing, and would also be |
| 232 | * permitted to freshly attach with ptrace now, permit it. | 233 | * permitted to freshly attach with ptrace now, permit it. |
| 233 | */ | 234 | */ |
| 234 | if (task->parent == current && (task->ptrace & PT_PTRACED) && | 235 | if (task_is_stopped_or_traced(task)) { |
| 235 | task_is_stopped_or_traced(task) && | 236 | int match; |
| 236 | ptrace_may_access(task, PTRACE_MODE_ATTACH)) | 237 | rcu_read_lock(); |
| 237 | return 0; | 238 | match = (tracehook_tracer_task(task) == current); |
| 239 | rcu_read_unlock(); | ||
| 240 | if (match && ptrace_may_access(task, PTRACE_MODE_ATTACH)) | ||
| 241 | return 0; | ||
| 242 | } | ||
| 238 | 243 | ||
| 239 | /* | 244 | /* |
| 240 | * Noone else is allowed. | 245 | * Noone else is allowed. |