Re: [1/1][PATCH] nproc v2: netlink access to /proc information

From: Roger Luethi
Date: Tue Sep 14 2004 - 16:24:09 EST

Next message: William Lee Irwin III: "Re: [profile] amortize atomic hit count increments"
Previous message: DervishD: "Re: /proc/config reducing kernel image size"
In reply to: Chris Wright: "Re: [1/1][PATCH] nproc v2: netlink access to /proc information"
Next in thread: Chris Wright: "Re: [1/1][PATCH] nproc v2: netlink access to /proc information"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 14 Sep 2004 12:05:09 -0700, Chris Wright wrote:
> Understood. Question is, if the request is for data that's associated
> with a task that is in the middle of an execve(setuid_root_app), does
> the credential-check/skb-fill for response happen atomically w.r.t. said
> execve? IOW, is it possible to pass credential check, then fill data
> that's become sensitive since the check happened?

It shouldn't be once we implement access control. I don't pretend to know
what the best way is to prevent that. Checking several times just shrinks
the race window, so I suppose we'd have to lock the source data structures
down prior to checking credentials and copying data.

Roger
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: William Lee Irwin III: "Re: [profile] amortize atomic hit count increments"
Previous message: DervishD: "Re: /proc/config reducing kernel image size"
In reply to: Chris Wright: "Re: [1/1][PATCH] nproc v2: netlink access to /proc information"
Next in thread: Chris Wright: "Re: [1/1][PATCH] nproc v2: netlink access to /proc information"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]