Re: [1/1][PATCH] nproc v2: netlink access to /proc information

[Roger Luethi]

On Tue, 14 Sep 2004 11:37:36 -0700, Chris Wright wrote:
> * William Lee Irwin III (wli@xxxxxxxxxxxxxx) wrote:
> > On Tue, 14 Sep 2004 08:37:58 -0700, William Lee Irwin III wrote:
> > >> No, in general races of the form "permissions were altered after I
> > >> checked them" can happen.
> > 
> > On Tue, Sep 14, 2004 at 06:01:50PM +0200, Roger Luethi wrote:
> > > Can you make an example? Some scenario where this would be important?
> > 
> > Not particularly. It largely means poorly-coded apps may report gibberish.
> 
> Canonical example is access(2) followed by open(2), not really relevant
> in this case.  However, exec setuid root app...when do you check, and
> when to you fill in data to send back to user?  For /proc, this type of
> check happens often (see things like may_ptrace_attach and
> task_dumpable in fs/proc/base.c).

For nproc, the procedure looks like this: A tool send(2)s a request,
credentials are attached to skb. Based on said credentials, the kernel
is free to provide (netlink_unicast to originating socket) or withhold
information. In this regard, nproc works like other netlink interfaces.

Roger
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/