diff options
| author | Alexey Dobriyan <adobriyan@sw.ru> | 2007-07-16 02:40:21 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-07-16 12:05:44 -0400 |
| commit | da58a1617343e345d435953a0f32024997a95164 (patch) | |
| tree | 12a0ad4a92221d38dd8846f63063a8414c44655d /fs/proc | |
| parent | 7126dd0562c78fa393a53120155e9b265cc68f9d (diff) | |
/proc/*/environ: wrong placing of ptrace_may_attach() check
It's a bit dopey-looking and can permit a task to cause a pagefault in an mm
which it doesn't have permission to read from.
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/proc')
| -rw-r--r-- | fs/proc/base.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c index 46ea5d56e1bb..d0921944e68c 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c | |||
| @@ -204,12 +204,17 @@ static int proc_pid_environ(struct task_struct *task, char * buffer) | |||
| 204 | int res = 0; | 204 | int res = 0; |
| 205 | struct mm_struct *mm = get_task_mm(task); | 205 | struct mm_struct *mm = get_task_mm(task); |
| 206 | if (mm) { | 206 | if (mm) { |
| 207 | unsigned int len = mm->env_end - mm->env_start; | 207 | unsigned int len; |
| 208 | |||
| 209 | res = -ESRCH; | ||
| 210 | if (!ptrace_may_attach(task)) | ||
| 211 | goto out; | ||
| 212 | |||
| 213 | len = mm->env_end - mm->env_start; | ||
| 208 | if (len > PAGE_SIZE) | 214 | if (len > PAGE_SIZE) |
| 209 | len = PAGE_SIZE; | 215 | len = PAGE_SIZE; |
| 210 | res = access_process_vm(task, mm->env_start, buffer, len, 0); | 216 | res = access_process_vm(task, mm->env_start, buffer, len, 0); |
| 211 | if (!ptrace_may_attach(task)) | 217 | out: |
| 212 | res = -ESRCH; | ||
| 213 | mmput(mm); | 218 | mmput(mm); |
| 214 | } | 219 | } |
| 215 | return res; | 220 | return res; |