Re: [PATCH 2/2] taskstats: restrict access to user
From: Balbir Singh
Date: Sun Jul 03 2011 - 22:58:41 EST
On Sat, Jul 2, 2011 at 1:06 PM, Vasiliy Kulikov <segoon@xxxxxxxxxxxx> wrote:
> On Thu, Jun 30, 2011 at 00:17 +0400, Vasiliy Kulikov wrote:
>> On Wed, Jun 29, 2011 at 06:57 +0530, Balbir Singh wrote:
>> > On Fri, Jun 24, 2011 at 5:39 PM, Vasiliy Kulikov <segoon@xxxxxxxxxxxx> wrote:
>> > > + task = find_task_by_vpid(s->pid);
>> > > + if (!task || __task_cred(task)->euid != cred->euid) {
>>
>> If consider this patch for inclusion, it also needs some check for
>> the listener root ability. __task_cred(task)->euid == 0 or smth like
>> that. But ptrace_task_may_access_current() is better.
>
> So... What to do with this patch? Should I resend it with euid==0 and
> rcu optimication, wait for the new ptrace interface or what?
>
>
Hi, Vasiliy,
Would it be possible to audit the entire taskstats structure to see
what fields should and should not be exposed. If a particular field
should not be exposed, we can fill it in with a special value
indicating additional permission is required to see it and fill in
those fields only when credentials match like you've shown
Does that make sense?
Balbir Singh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/