
Commit 68602066 authored by Eric W. Biederman's avatar Eric W. Biederman Committed by Linus Torvalds

[PATCH] proc: Remove bogus proc_task_permission



First, we can access every /proc/<tgid>/task/<pid> directory as /proc/<pid>, so
proc_task_permission is not usefully limiting visibility.

Second, having related filesystem information should have nothing to do with
process visibility.  kill does not implement any checks like that.

Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent aed7a6c4
+0 −63
@@ -361,54 +361,6 @@ static int proc_root_link(struct inode *inode, struct dentry **dentry, struct vf
	return result;
}


/* Same as proc_root_link, but this addionally tries to get fs from other
 * threads in the group */
static int proc_task_root_link(struct inode *inode, struct dentry **dentry,
				struct vfsmount **mnt)
{
	struct fs_struct *fs;
	int result = -ENOENT;
	struct task_struct *leader = proc_task(inode);

	task_lock(leader);
	fs = leader->fs;
	if (fs) {
		atomic_inc(&fs->count);
		task_unlock(leader);
	} else {
		/* Try to get fs from other threads */
		task_unlock(leader);
		read_lock(&tasklist_lock);
		if (pid_alive(leader)) {
			struct task_struct *task = leader;

			while ((task = next_thread(task)) != leader) {
				task_lock(task);
				fs = task->fs;
				if (fs) {
					atomic_inc(&fs->count);
					task_unlock(task);
					break;
				}
				task_unlock(task);
			}
		}
		read_unlock(&tasklist_lock);
	}

	if (fs) {
		read_lock(&fs->lock);
		*mnt = mntget(fs->rootmnt);
		*dentry = dget(fs->root);
		read_unlock(&fs->lock);
		result = 0;
		put_fs_struct(fs);
	}
	return result;
}


#define MAY_PTRACE(task) \
	(task == current || \
	(task->parent == current && \
@@ -600,20 +552,6 @@ static int proc_permission(struct inode *inode, int mask, struct nameidata *nd)
	return proc_check_root(inode);
}

static int proc_task_permission(struct inode *inode, int mask, struct nameidata *nd)
{
	struct dentry *root;
	struct vfsmount *vfsmnt;

	if (generic_permission(inode, mask, NULL) != 0)
		return -EACCES;

	if (proc_task_root_link(inode, &root, &vfsmnt))
		return -ENOENT;

	return proc_check_chroot(root, vfsmnt);
}

extern struct seq_operations proc_pid_maps_op;
static int maps_open(struct inode *inode, struct file *file)
{
@@ -1583,7 +1521,6 @@ static struct inode_operations proc_fd_inode_operations = {

static struct inode_operations proc_task_inode_operations = {
	.lookup		= proc_task_lookup,
	.permission	= proc_task_permission,
};

#ifdef CONFIG_SECURITY