Commit 68602066 authored by Eric W. Biederman's avatar Eric W. Biederman Committed by Linus Torvalds

[PATCH] proc: Remove bogus proc_task_permission

First we can access every /proc/<tgid>/task/<pid> directory as /proc/<pid> so
proc_task_permission is not usefully limiting visibility.

Second having related filesystems information should have nothing to do with
process visibility.  kill does not implement any checks like that.
Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent aed7a6c4
...@@ -361,54 +361,6 @@ static int proc_root_link(struct inode *inode, struct dentry **dentry, struct vf ...@@ -361,54 +361,6 @@ static int proc_root_link(struct inode *inode, struct dentry **dentry, struct vf
return result; return result;
} }
/* Same as proc_root_link, but this addionally tries to get fs from other
* threads in the group */
static int proc_task_root_link(struct inode *inode, struct dentry **dentry,
struct vfsmount **mnt)
{
struct fs_struct *fs;
int result = -ENOENT;
struct task_struct *leader = proc_task(inode);
task_lock(leader);
fs = leader->fs;
if (fs) {
atomic_inc(&fs->count);
task_unlock(leader);
} else {
/* Try to get fs from other threads */
task_unlock(leader);
read_lock(&tasklist_lock);
if (pid_alive(leader)) {
struct task_struct *task = leader;
while ((task = next_thread(task)) != leader) {
task_lock(task);
fs = task->fs;
if (fs) {
atomic_inc(&fs->count);
task_unlock(task);
break;
}
task_unlock(task);
}
}
read_unlock(&tasklist_lock);
}
if (fs) {
read_lock(&fs->lock);
*mnt = mntget(fs->rootmnt);
*dentry = dget(fs->root);
read_unlock(&fs->lock);
result = 0;
put_fs_struct(fs);
}
return result;
}
#define MAY_PTRACE(task) \ #define MAY_PTRACE(task) \
(task == current || \ (task == current || \
(task->parent == current && \ (task->parent == current && \
...@@ -600,20 +552,6 @@ static int proc_permission(struct inode *inode, int mask, struct nameidata *nd) ...@@ -600,20 +552,6 @@ static int proc_permission(struct inode *inode, int mask, struct nameidata *nd)
return proc_check_root(inode); return proc_check_root(inode);
} }
static int proc_task_permission(struct inode *inode, int mask, struct nameidata *nd)
{
struct dentry *root;
struct vfsmount *vfsmnt;
if (generic_permission(inode, mask, NULL) != 0)
return -EACCES;
if (proc_task_root_link(inode, &root, &vfsmnt))
return -ENOENT;
return proc_check_chroot(root, vfsmnt);
}
extern struct seq_operations proc_pid_maps_op; extern struct seq_operations proc_pid_maps_op;
static int maps_open(struct inode *inode, struct file *file) static int maps_open(struct inode *inode, struct file *file)
{ {
...@@ -1583,7 +1521,6 @@ static struct inode_operations proc_fd_inode_operations = { ...@@ -1583,7 +1521,6 @@ static struct inode_operations proc_fd_inode_operations = {
static struct inode_operations proc_task_inode_operations = { static struct inode_operations proc_task_inode_operations = {
.lookup = proc_task_lookup, .lookup = proc_task_lookup,
.permission = proc_task_permission,
}; };
#ifdef CONFIG_SECURITY #ifdef CONFIG_SECURITY
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment