Re: [RFC][PATCH] security: split ptrace checking in proc

[Chris Wright]

* Stephen Smalley (sds@xxxxxxxxxxxxx) wrote:
> As above, it isn't quite a read vs. readwrite mode distinction (which is
> why I called it ptrace_may_readstate rather than just ptrace_may_read),
> and the advantage of implementing it via a new interface is that we only
> need to update the callers where we want to apply this different
> checking, leaving all other callers unmodified and unaffected.  So while
> I could do it the way you describe, I'm not sure it would yield a better
> result.  Maybe others can chime in with their opinions.

It is slightly ad-hoc.  Is it just the audit messages that you described
that made you pick environ and fd, or was there more specific (threat
based) reasoning?  Would /proc/pid/fd/ + genfs + e.g. anonfd be a little
wider than just readstate?

Perhaps you could update the comments in ptrace_may_inspect() to clarify.

thanks,
-chris
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/