question about /proc/<PID>/mem in 2.4

From: Tigran Aivazian
Date: Mon Jul 05 2004 - 07:51:58 EST


Hello,

I noticed that in 2.4.x kernels the fs/proc/base.c:mem_read() function has
this permission check:

if (!MAY_PTRACE(task) || !may_ptrace_attach(task))
        return -ESRCH;

Are you sure it shouldn't be like this instead:

if (!MAY_PTRACE(task) && !may_ptrace_attach(task))
        return -ESRCH;

Because normally MAY_PTRACE() is 0 (i.e. for any process worth looking at :)
so may_ptrace_attach() is never even called.

Is there any reason for the above check on each read(2)? Shouldn't there
be a simple check at ->open() time only? I assume this is to close some
obscure "security hole", but I would like to see the explanation of how
any problem could arise if a) such a check wasn't done at all (except at
open(2) time) or at least b) there was && instead of ||.

The 2.6.x situation is similar except the addition of the security stuff.

Kind regards
Tigran

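As an added illustration, not part of Tigran's post or of the kernel source, here is a simplified C model of the two predicates named above, with the check written in both the kernel's `||` form and the proposed `&&` form. The task fields, flag constants and credential rules are assumptions reduced from the 2.4 code (the post does not quote them); the constructed scenarios show that `!A || !B` denies unless both predicates hold, whereas `!A && !B` would let a same-uid process that never attached read, and that re-evaluating on each read(2) is what catches a tracee that has resumed since the previous read.

```c
#include <stdbool.h>

#define PT_PTRACED   0x01  /* flag and state values are assumed for the model */
#define TASK_STOPPED 0x04

struct task {
    int uid, euid, ptrace, state, dumpable;
    const struct task *p_pptr;     /* parent; becomes the tracer on attach */
};

/* Model of MAY_PTRACE(task): current has task attached and it is stopped. */
static bool may_ptrace(const struct task *t, const struct task *cur)
{
    return t->p_pptr == cur && (t->ptrace & PT_PTRACED) && t->state == TASK_STOPPED;
}

/* Model of may_ptrace_attach(task): caller's credentials match, task dumpable. */
static bool may_ptrace_attach(const struct task *t, const struct task *cur)
{
    return cur->uid == t->uid && cur->uid == t->euid && t->dumpable;
}

/* Kernel form: "if (!A || !B) return -ESRCH" denies unless A and B both hold. */
static bool read_allowed_kernel(const struct task *t, const struct task *cur)
{
    if (!may_ptrace(t, cur) || !may_ptrace_attach(t, cur))
        return false;
    return true;
}

/* Proposed form: "if (!A && !B)" denies only when both fail, so either suffices. */
static bool read_allowed_proposed(const struct task *t, const struct task *cur)
{
    if (!may_ptrace(t, cur) && !may_ptrace_attach(t, cur))
        return false;
    return true;
}

/* Constructed scenarios, evaluated as mem_read() would on each read(2):
 *  0: same-uid reader that never attached    1: tracer, tracee stopped
 *  2: tracer, tracee resumed since the last read */
bool scenario(int which, bool proposed)
{
    struct task reader = { .uid = 1000, .euid = 1000 };
    struct task target = { .uid = 1000, .euid = 1000, .dumpable = 1 };
    if (which >= 1) { target.p_pptr = &reader; target.ptrace = PT_PTRACED; }
    target.state = (which == 1) ? TASK_STOPPED : 0;
    return proposed ? read_allowed_proposed(&target, &reader)
                    : read_allowed_kernel(&target, &reader);
}
```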
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/