Date:	Thu, 19 May 2011 14:27:42 +0300
From:	Alexey Dobriyan <adobriyan@...il.com>
To:	samsonov@...sta.ru
Cc:	linux-kernel@...r.kernel.org
Subject: Re: Some patches for ppp_generic.c and proc/base.c

2011/5/19  <samsonov@...sta.ru>:
> I mean that /proc file permission for process information must be
> secure:

And how exactly adding -w------- bit helps this?

> --- ./linux-2.6.33.4.orig/fs/proc/base.c
> +++ ./linux-2.6.33.4/fs/proc/base.c

2.6.39 was released today.

Never, ever mix several patches in one email.

> @@ -2570,11 +2570,11 @@
>  static const struct inode_operations proc_task_inode_operations;
>
>  static const struct pid_entry tgid_base_stuff[] = {
> -       DIR("task",       S_IRUGO|S_IXUGO, proc_task_inode_operations, proc_task_operations),
> -       DIR("fd",         S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
> -       DIR("fdinfo",     S_IRUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
> +       DIR("task",       S_IWUSR|S_IRUGO|S_IXUGO, proc_task_inode_operations, proc_task_operations),
> +       DIR("fd",         S_IWUSR|S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
> +       DIR("fdinfo",     S_IRUSR|S_IWUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
>  #ifdef CONFIG_NET
> -       DIR("net",        S_IRUGO|S_IXUGO, proc_net_inode_operations, proc_net_operations),
> +       DIR("net",        S_IRUGO|S_IWUSR|S_IXUGO, proc_net_inode_operations, proc_net_operations),
>  #endif
>        REG("environ",    S_IRUSR, proc_environ_operations),
>        INF("auxv",       S_IRUSR, proc_pid_auxv),
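Review bot: The added `S_IWUSR` sits in a different position in each entry of this table (`S_IWUSR|S_IRUGO|S_IXUGO` for "task", `S_IWUSR|S_IRUSR|S_IXUSR` for "fd", `S_IRUSR|S_IWUSR|S_IXUSR` for "fdinfo"), which makes the permission sets harder to compare when auditing. Keeping read/write/execute order throughout, and writing the owner-only entries as `DIR("fd", S_IRWXU, proc_fd_inode_operations, proc_fd_operations),`, would make each line checkable at a glance. The same applies to the tid_base_stuff entries in the -2909 hunk and to the "attr" lines in the -2608 and -2942 hunks. Both arrays start and end outside the hunks shown.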
> @@ -2608,7 +2608,7 @@
>        REG("pagemap",    S_IRUSR, proc_pagemap_operations),
>  #endif
>  #ifdef CONFIG_SECURITY
> -       DIR("attr",       S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
> +       DIR("attr",       S_IRUGO|S_IWUSR|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
>  #endif
>  #ifdef CONFIG_KALLSYMS
>        INF("wchan",      S_IRUGO, proc_pid_wchan),
> @@ -2767,7 +2767,7 @@
>        if (!inode)
>                goto out;
>
> -       inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
> +       inode->i_mode = S_IFDIR|S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP;
>        inode->i_op = &proc_tgid_base_inode_operations;
>        inode->i_fop = &proc_tgid_base_operations;
>        inode->i_flags|=S_IMMUTABLE;
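Review bot: The new value on the `inode->i_mode` line removes all access for "other" but keeps `S_IRGRP|S_IXGRP`, and nothing in this hunk shows which group the inode is assigned, so it is not clear whom the group bits are meant to admit. With the directory no longer searchable by others, entries beneath it that the tables still mark world-readable, such as `ONE("status", S_IRUGO, ...)`, become unreachable for other users with no option to turn this off. Any code elsewhere in fs/proc/base.c that tests `i_mode` against the old value `S_IFDIR|S_IRUGO|S_IXUGO` (none is visible here) would stop matching and should be checked in the same patch. The identical assignment appears again in the -3008 hunk, and both would benefit from a comment such as `/* 0750: owner rwx, group r-x, nothing for others */` stating the intent. The enclosing function starts and ends outside the hunk.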
> @@ -2909,8 +2909,8 @@
>  * Tasks
>  */
>  static const struct pid_entry tid_base_stuff[] = {
> -       DIR("fd",        S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
> -       DIR("fdinfo",    S_IRUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
> +       DIR("fd",        S_IRUSR|S_IWUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
> +       DIR("fdinfo",    S_IRUSR|S_IWUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
>        REG("environ",   S_IRUSR, proc_environ_operations),
>        INF("auxv",      S_IRUSR, proc_pid_auxv),
>        ONE("status",    S_IRUGO, proc_pid_status),
> @@ -2942,7 +2942,7 @@
>        REG("pagemap",    S_IRUSR, proc_pagemap_operations),
>  #endif
>  #ifdef CONFIG_SECURITY
> -       DIR("attr",      S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
> +       DIR("attr",      S_IRUGO|S_IWUSR|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
>  #endif
>  #ifdef CONFIG_KALLSYMS
>        INF("wchan",     S_IRUGO, proc_pid_wchan),
> @@ -3008,7 +3008,7 @@
>
>        if (!inode)
>                goto out;
> -       inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
> +       inode->i_mode = S_IFDIR|S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP;
>        inode->i_op = &proc_tid_base_inode_operations;
>        inode->i_fop = &proc_tid_base_operations;
>        inode->i_flags|=S_IMMUTABLE;