On 08/26, Eric W. Biederman wrote:
>
> Oleg Nesterov <o...@redhat.com> writes:
>
> > proc_fd_permission() says "process can still access /proc/self/fd
> > after it has executed a setuid()", but the "task_pid() = proc_pid()
> > check only helps if the task is group leader, /proc/self points to
> > /proc/leader-pid.
> >
> > Change this check to use task_tgid() so that the whole process can
> > access /proc/self/fd.
>
> There is at least a semantic goofiness here.
>
> There is /proc/<tgid>/fd and /proc/<tgid>/task/<pid>/fd, and the same
> permission check is used by both.
Yes, and we have /proc/<tid>/ which includes fd as well.
> We might just want to have a /proc/thread symlink as well so people
> don't have this issue.
Yes! I agree.
In particular, from the changelog:
Note: CLONE_THREAD doesn't require CLONE_FILES so task->files can
differ,
so /proc/self/fd doesn't necessarily mean current->files, this can confuse
the application.
And I also assume that you agree with this change ;)
Oleg.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
