| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CACVxJT_cC1BZvfVxhNfa45zwUzO6=b6qef61XbnMaRLQmYtchg@mail.gmail.com>
Date: Fri, 10 Nov 2017 12:36:48 +0200
From: Alexey Dobriyan <adobriyan@...il.com>
To: Djalal Harouni <tixxdz@...il.com>
Cc: Kees Cook <keescook@...omium.org>,
Alexey Gladkov <gladkov.alexey@...il.com>,
Andy Lutomirski <luto@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
kernel-hardening@...ts.openwall.com,
linux-security-module@...r.kernel.org, linux-api@...r.kernel.org,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Alexander Viro <viro@...iv.linux.org.uk>,
Akinobu Mita <akinobu.mita@...il.com>, me@...in.cc,
Oleg Nesterov <oleg@...hat.com>,
Jeff Layton <jlayton@...chiereds.net>,
Ingo Molnar <mingo@...nel.org>, ebiederm@...ssion.com,
Linus Torvalds <torvalds@...ux-foundation.org>,
Daniel Micay <danielmicay@...il.com>,
Jonathan Corbet <corbet@....net>, bfields@...ldses.org,
Stephen Rothwell <sfr@...b.auug.org.au>, solar@...nwall.com
Subject: Re: [PATCH RFC v3 3/7] proc: add helpers to set and get proc hidepid
and gid mount options
On 11/9/17, Djalal Harouni <tixxdz@...il.com> wrote:
> --- a/fs/proc/base.c
> +++ b/fs/proc/base.c
> -static bool has_pid_permissions(struct pid_namespace *pid,
> +static bool has_pid_permissions(struct proc_fs_info *fs_info,
More "const".
> diff --git a/fs/proc/inode.c b/fs/proc/inode.c
> index 9abc370..bdd808d 100644
> --- a/fs/proc/inode.c
> +++ b/fs/proc/inode.c
> @@ -476,11 +476,12 @@ struct inode *proc_get_inode(struct super_block *sb,
> struct proc_dir_entry *de)
> int proc_fill_super(struct super_block *s, void *data, int silent)
> {
> struct proc_fs_info *fs_info = proc_sb(s);
> - struct pid_namespace *ns = get_pid_ns(fs_info->pid_ns);
> struct inode *root_inode;
> int ret;
>
> - if (!proc_parse_options(data, ns))
> + get_pid_ns(fs_info->pid_ns);
> +
> + if (!proc_parse_options(data, fs_info))
> return -EINVAL;
>
> /* User space would break if executables or devices appear on proc */
> diff --git a/fs/proc/internal.h b/fs/proc/internal.h
> index 4a67188..10bc7be 100644
> --- a/fs/proc/internal.h
> +++ b/fs/proc/internal.h
> @@ -240,7 +240,7 @@ static inline void proc_tty_init(void) {}
> * root.c
> */
> extern struct proc_dir_entry proc_root;
> -extern int proc_parse_options(char *options, struct pid_namespace *pid);
> +extern int proc_parse_options(char *options, struct proc_fs_info
> *fs_info);
"extern" can be dropped if you're touching prototype anyway.
> +static inline int proc_fs_hide_pid(struct proc_fs_info *fs_info)
> +{
> + return fs_info->pid_ns->hide_pid;
> +}
> +
> +static inline kgid_t proc_fs_pid_gid(struct proc_fs_info *fs_info)
> +{
> + return fs_info->pid_ns->pid_gid;
> +}
More "const".
> @@ -59,6 +81,24 @@ static inline void proc_flush_task(struct task_struct
> *task)
> {
> }
>
> +static inline void proc_fs_set_hide_pid(struct proc_fs_info *fs_info, int
> hide_pid)
> +{
> +}
> +
> +static inline void proc_fs_set_pid_gid(struct proc_info_fs *fs_info, kgid_t
> gid)
> +{
> +}
> +
> +static inline int proc_fs_hide_pid(struct proc_fs_info *fs_info)
> +{
> + return 0;
> +}
> +
> +extern kgid_t proc_fs_pid_gid(struct proc_fs_info *fs_info)
ehh?
> +{
> + return GLOBAL_ROOT_GID;
> +}
Powered by blists - more mailing lists