Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit da58a161 authored by Alexey Dobriyan's avatar Alexey Dobriyan Committed by Linus Torvalds
Browse files

/proc/*/environ: wrong placing of ptrace_may_attach() check 



It's a bit dopey-looking and can permit a task to cause a pagefault in an mm
which it doesn't have permission to read from.

Signed-off-by: default avatarAlexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 7126dd05

fs/proc/base.c

+8 −3
Original line number Diff line number Diff line
@@ -204,12 +204,17 @@ static int proc_pid_environ(struct task_struct *task, char * buffer) 
	int res = 0;

	struct mm_struct *mm = get_task_mm(task);

	if (mm) {

		unsigned int len = mm->env_end - mm->env_start;

		unsigned int len;



		res = -ESRCH;

		if (!ptrace_may_attach(task))

			goto out;



		len  = mm->env_end - mm->env_start;

		if (len > PAGE_SIZE)

			len = PAGE_SIZE;

		res = access_process_vm(task, mm->env_start, buffer, len, 0);

		if (!ptrace_may_attach(task))

			res = -ESRCH;

out:

		mmput(mm);

	}

	return res;