| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <871qrt4ymg.fsf@email.froward.int.ebiederm.org>
Date: Thu, 29 Sep 2022 17:14:15 -0500
From: "Eric W. Biederman" <ebiederm@...ssion.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Al Viro <viro@...iv.linux.org.uk>,
David Laight <David.Laight@...lab.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"Serge E. Hallyn" <serge@...lyn.com>
Subject: Re: [PATCH 3/4] proc: Point /proc/net at /proc/thread-self/net
instead of /proc/self/net
Linus Torvalds <torvalds@...ux-foundation.org> writes:
> On Thu, Sep 29, 2022 at 2:15 PM Al Viro <viro@...iv.linux.org.uk> wrote:
>>
>> FWIW, what e.g. debian profile for dhclient has is
>> @{PROC}/@...d}/net/dev r,
>>
>> Note that it's not
>> @{PROC}/net/dev r,
>
> Argh. Yeah, then a bind mount or a hardlink won't work either, you're
> right. I was assuming that any Apparmor rules allowed for just
> /proc/net.
>
> Oh well. I guess we're screwed any which way we turn.
I actually think there is a solution.
Instead of going to /proc/self/net -> /proc/tgid/net
or /proc/thread-self/net -> /proc/tgid/task/tid/net
We should be able to go to: /proc/tid/net
That directory does not show up in readdir, but the tid directories were
put in /proc because of how our pthread support evolved and gdb which
made gdb expect them to be their.
That should continue to work with the incomplete apparmor rules that
don't allow accessing /proc/tgid/tid/net for some reason.
Eric
Powered by blists - more mailing lists