| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070201150434.GA6023@localhost.sw.ru>
Date: Thu, 1 Feb 2007 18:04:34 +0300
From: Alexey Dobriyan <adobriyan@...nvz.org>
To: akpm@...l.org
Cc: pasky@...e.cz, linux-kernel@...r.kernel.org, devel@...nvz.org
Subject: [RFC] Allow access to /proc/$PID/fd after setuid()
/proc/$PID/fd has r-x------ permissions, so if process does setuid(), it
will not be able to access /proc/*/fd/. This breaks fstatat() emulation
in glibc.
open("foo", O_RDONLY|O_DIRECTORY) = 4
setuid32(65534) = 0
stat64("/proc/self/fd/4/bar", 0xbfafb298) = -1 EACCES (Permission denied)
Signed-off-by: Alexey Dobriyan <adobriyan@...nvz.org>
---
fs/proc/base.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1413,11 +1413,27 @@ static struct file_operations proc_fd_op
.readdir = proc_readfd,
};
+static int proc_fd_permission(struct inode *inode, int mask, struct nameidata *nd)
+{
+ struct task_struct *tsk;
+ int rv;
+
+ rv = generic_permission(inode, mask, NULL);
+ if (rv == 0)
+ return 0;
+ tsk = get_proc_task(inode);
+ if (tsk == current)
+ rv = 0;
+ put_task_struct(tsk);
+ return rv;
+}
+
/*
* proc directories can do almost nothing..
*/
static struct inode_operations proc_fd_inode_operations = {
.lookup = proc_lookupfd,
+ .permission = proc_fd_permission,
.setattr = proc_setattr,
};
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists