diff options
Diffstat (limited to 'fix-child-thread-introspection.patch')
-rw-r--r-- | fix-child-thread-introspection.patch | 76 |
1 files changed, 0 insertions, 76 deletions
diff --git a/fix-child-thread-introspection.patch b/fix-child-thread-introspection.patch deleted file mode 100644 index 4c0bad1a6..000000000 --- a/fix-child-thread-introspection.patch +++ /dev/null @@ -1,76 +0,0 @@ -Allow threads other than the main thread to do introspection of files in -proc without relying on read permissions. proc_pid_follow_link() calls -proc_fd_access_allowed() which ultimately calls __ptrace_may_access(). - -Though this allows additional access to some proc files, we do not -believe that this has any unintended security implications. However it -probably needs to be looked at carefully. - -The original problem was a thread of a process whose permissions were -111 couldn't open its own /proc/self/exe This was interfering with a -special purpose debugging tool. A simple reproducer is below.: - -#include <pthread.h> -#include <unistd.h> -#include <stdio.h> -#include <errno.h> -#include <stdlib.h> -#include <sys/types.h> - -#define BUFSIZE 2048 - -void *thread_main(void *arg){ - char *str=(char*)arg; - char buf[BUFSIZE]; - ssize_t len=readlink("/proc/self/exe", buf, BUFSIZE); - if(len==-1) - printf("/proc/self/exe in %s: %s\n", str,sys_errlist[errno]); - else - printf("/proc/self/exe in %s: OK\n", str); - - return 0; -} - -int main(){ - pthread_t thread; - - int retval=pthread_create( &thread, NULL, thread_main, "thread"); - if(retval!=0) - exit(1); - - thread_main("main"); - pthread_join(thread, NULL); - - exit(0); -} - -Signed-off-by: Ben Woodard <woodard@redhat.com> -Signed-off-by: Mark Grondona <mgrondona@llnl.gov> ---- - kernel/ptrace.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/kernel/ptrace.c b/kernel/ptrace.c -index acbd284..347c4c7 100644 ---- a/kernel/ptrace.c -+++ b/kernel/ptrace.c -diff -ruNp linux-3.8.4-103.fc17.noarch/kernel/ptrace.c linux-3.8.4-103.fc17.ptrace/kernel/ptrace.c ---- linux-3.8.4-103.fc17.noarch/kernel/ptrace.c 2013-02-18 17:58:34.000000000 -0600 -+++ linux-3.8.4-103.fc17.ptrace/kernel/ptrace.c 2013-03-26 14:59:01.939396346 -0500 -@@ -234,7 +234,7 @@ static int __ptrace_may_access(struct ta - */ - int dumpable = 0; - /* Don't let security modules deny introspection */ -- if (task == current) -+ if (same_thread_group(task, current)) - return 0; - rcu_read_lock(); - tcred = __task_cred(task); --- -1.8.1.4 - --- -To unsubscribe from this list: send the line "unsubscribe linux-kernel" in -the body of a message to majordomo@vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html -Please read the FAQ at http://www.tux.org/lkml/ |