Re: [PATCH 2.6.13.1] Patch for invisible threads

[Al Viro]

On Tue, Sep 13, 2005 at 04:30:43PM -0500, Sripathi Kodi wrote:
> Al Viro wrote:
> >
> >Well...  If exposing the list of tasks in a group is OK, we can just leave
> >->permission NULL for that sucker.  If it's not (and arguably it can be
> >sensitive information), we have a bigger problem - right now chroot 
> >boundary
> >is the only control we have there; normally anyone can ls 
> >/proc/<whatever>/task
> >and see other threads.
> >
> 
> Al, I understand that we can't set ->permission to NULL as it removes the 
> chroot boundary check. If I understood you correctly, we need to put 
> additional checks in proc_permission to ensure anyone doing ls 
> /proc/<pid>/task won't be able to see other threads.

Wrong.  We need a separate function, _not_ modifying proc_permssion().
If we need ->permission() at all, that is - note that anyone can do
ls /proc/<pid>/task on other users' process.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/