linux/fs
Eric W. Biederman df26c40e56 [PATCH] proc: Cleanup proc_fd_access_allowed
In process of getting proc_fd_access_allowed to work it has developed a few
warts.  In particular the special case that always allows introspection and
the special case to allow inspection of kernel threads.

The special case for introspection is needed for /proc/self/mem.

The special case for kernel threads really should be overridable
by security modules.

So consolidate these checks into ptrace.c:may_attach().

The check to always allow introspection is trivial.

The check to allow access to kernel threads, and zombies is a little
trickier.  mem_read and mem_write already verify an mm exists so it isn't
needed twice.  proc_fd_access_allowed only doesn't want a check to verify
task->mm exits, s it prevents all access to kernel threads.  So just move
the task->mm check into ptrace_attach where it is needed for practical
reasons.

I did a quick audit and none of the security modules in the kernel seem to
care if they are passed a task without an mm into security_ptrace.  So the
above move should be safe and it allows security modules to come up with
more restrictive policy.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Chris Wright <chrisw@sous-sol.org>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-06-26 09:58:26 -07:00
..
9p Merge git://git.linux-nfs.org/pub/linux/nfs-2.6 2006-06-25 10:54:14 -07:00
adfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
affs [PATCH] fix %s in affs_fill_super() 2006-06-25 10:01:22 -07:00
afs [PATCH] fs: use list_move() 2006-06-26 09:58:18 -07:00
autofs [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
autofs4 [PATCH] fs: use list_move() 2006-06-26 09:58:18 -07:00
befs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
bfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
cifs Merge branch 'master' of /home/trondmy/kernel/linux-2.6/ 2006-06-24 13:07:53 -04:00
coda [PATCH] use list_add_tail() instead of list_add() 2006-06-26 09:58:17 -07:00
configfs [PATCH] fs: use list_move() 2006-06-26 09:58:18 -07:00
cramfs [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
debugfs Merge branch 'master' of /home/trondmy/kernel/linux-2.6/ 2006-06-24 13:07:53 -04:00
devfs [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
devpts [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
efs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
exportfs [PATCH] NFS server subtree_check returns dubious value 2006-05-21 12:59:16 -07:00
ext2 [PATCH] ext2: cleanup: put_page and comment fix 2006-06-25 10:01:25 -07:00
ext3 [PATCH] ext3: Add "-o bh" option 2006-06-26 09:58:20 -07:00
fat [PATCH] fs/fat/misc.c: unexport fat_sync_bhs 2006-06-23 07:43:03 -07:00
freevxfs [PATCH] fs/freevxfs: cleanup of spelling errors 2006-06-25 10:01:01 -07:00
fuse Merge git://git.linux-nfs.org/pub/linux/nfs-2.6 2006-06-25 10:54:14 -07:00
hfs [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
hfsplus [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
hostfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
hpfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
hppfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
hugetlbfs [PATCH] tightening hugetlb strict accounting 2006-06-23 07:42:48 -07:00
isofs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
jbd [PATCH] ext3: fix memory leak when the journal file is corrupted 2006-06-25 10:01:07 -07:00
jffs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
jffs2 [PATCH] fs: use list_move() 2006-06-26 09:58:18 -07:00
jfs [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
lockd NLM: Fix reclaim races 2006-06-09 09:40:27 -04:00
minix [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
msdos [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
ncpfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
nfs Fix NFS2 compile error 2006-06-25 12:30:33 -07:00
nfs_common
nfsd [PATCH] fs: use list_move() 2006-06-26 09:58:18 -07:00
nls
ntfs [PATCH] Prepare for __copy_from_user_inatomic to not zero missed bytes 2006-06-25 10:01:09 -07:00
ocfs2 [PATCH] fs: use list_move() 2006-06-26 09:58:18 -07:00
openpromfs [PATCH] openpromfs: factorize out 2006-06-25 10:01:05 -07:00
partitions [PATCH] make kernel warn about incorrectly sized partitions 2006-06-23 07:43:09 -07:00
proc [PATCH] proc: Cleanup proc_fd_access_allowed 2006-06-26 09:58:26 -07:00
qnx4 [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
ramfs [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
reiserfs [PATCH] reiserfs: remove reiserfs_aio_write() 2006-06-26 09:58:19 -07:00
romfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
smbfs [PATCH] fs: use list_move() 2006-06-26 09:58:18 -07:00
sysfs [PATCH] core: use list_move() 2006-06-26 09:58:17 -07:00
sysv [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
udf [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
ufs [PATCH] fs/ufs/inode.c: make 2 functions static 2006-06-25 10:01:04 -07:00
vfat [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
xfs [PATCH] xfs: update ->flush method proto 2006-06-25 17:43:32 -07:00
aio.c [PATCH] list: use list_replace_init() instead of list_splice_init() 2006-06-23 07:43:07 -07:00
attr.c
bad_inode.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
binfmt_aout.c
binfmt_elf_fdpic.c [PATCH] frv: binfmt_elf_fdpic __user annotations 2006-06-23 07:42:54 -07:00
binfmt_elf.c [PATCH] binflt_elf: remove more casts 2006-06-23 07:43:05 -07:00
binfmt_em86.c
binfmt_flat.c [PATCH] uclinux: use PER_LINUX_32BIT in binfmt_flat 2006-06-25 21:04:24 -07:00
binfmt_misc.c Merge branch 'master' of /home/trondmy/kernel/linux-2.6/ 2006-06-24 13:07:53 -04:00
binfmt_script.c
binfmt_som.c
bio.c [PATCH] Fix missing ret assignment in __bio_map_user() error path 2006-06-17 10:52:12 -07:00
block_dev.c [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
buffer.c [PATCH] Kill PF_SYNCWRITE flag 2006-06-23 17:10:39 +02:00
char_dev.c [PATCH] Simplify proc/devices and fix early termination regression 2006-03-31 12:18:53 -08:00
compat_ioctl.c [PATCH] i4l: Gigaset drivers: add IOCTLs to compat_ioctl.h 2006-06-26 09:58:23 -07:00
compat.c [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
dcache.c [PATCH] core: use list_move() 2006-06-26 09:58:17 -07:00
dcookies.c
direct-io.c [PATCH] Kill PF_SYNCWRITE flag 2006-06-23 17:10:39 +02:00
dnotify.c
dquot.c [PATCH] use list_add_tail() instead of list_add() 2006-06-26 09:58:17 -07:00
drop_caches.c
eventpoll.c [PATCH] epoll: use unlocked wqueue operations 2006-06-25 10:01:13 -07:00
exec.c [PATCH] proc: Rewrite the proc dentry flush on exit optimization 2006-06-26 09:58:24 -07:00
fcntl.c BUG_ON() Conversion in fs/fcntl.c 2006-04-02 13:37:19 +02:00
fifo.c [PATCH] pipe.c/fifo.c code cleanups 2006-04-11 13:53:33 +02:00
file_table.c [PATCH] percpu counter data type changes to suppport more than 2**31 ext3 free blocks counter 2006-06-23 07:43:06 -07:00
file.c
filesystems.c
fs-writeback.c [PATCH] Kill PF_SYNCWRITE flag 2006-06-23 17:10:39 +02:00
inode.c BUG_ON() Conversion in fs/inode.c 2006-04-02 13:38:18 +02:00
inotify_user.c [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
inotify.c [PATCH] inotify (4/5): allow watch removal from event handler 2006-06-20 05:25:19 -04:00
ioctl.c
ioprio.c [PATCH] lsm: add task_setioprio hook 2006-06-23 07:42:53 -07:00
Kconfig [PATCH] nfsd kconfig: select things at the closest tristate instead of bool 2006-06-26 09:58:23 -07:00
Kconfig.binfmt
libfs.c [PATCH] core: use list_move() 2006-06-26 09:58:17 -07:00
locks.c [PATCH] fs/locks.c: make posix_locks_deadlock() static 2006-06-23 07:43:03 -07:00
Makefile [PATCH] inotify (1/5): split kernel API from userspace support 2006-06-20 05:25:17 -04:00
mbcache.c [PATCH] Typo fixes 2006-03-28 09:16:08 -08:00
mpage.c [PATCH] writeback: fix range handling 2006-06-23 07:42:49 -07:00
namei.c [PATCH] Implement AT_SYMLINK_FOLLOW flag for linkat 2006-06-25 10:01:22 -07:00
namespace.c [PATCH] core: use list_move() 2006-06-26 09:58:17 -07:00
nfsctl.c
open.c [PATCH] ftruncate does not always update m/ctime 2006-06-25 10:01:15 -07:00
pipe.c [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
pnode.c [PATCH] core: use list_move() 2006-06-26 09:58:17 -07:00
pnode.h
posix_acl.c
quota_v1.c
quota_v2.c
quota.c
read_write.c [PATCH] splice: unlikely() optimizations 2006-04-11 13:56:09 +02:00
readdir.c
select.c [PATCH] fs: sys_poll with timeout -1 bug fix 2006-06-25 10:01:22 -07:00
seq_file.c
splice.c [PATCH] splice: retrieve mapping after locking the page 2006-06-23 17:10:39 +02:00
stat.c [PATCH] powerpc: Wire up *at syscalls 2006-04-28 21:04:59 +10:00
super.c Merge branch 'master' of /home/trondmy/kernel/linux-2.6/ 2006-06-24 13:07:53 -04:00
sync.c [PATCH] writeback: fix range handling 2006-06-23 07:42:49 -07:00
xattr_acl.c
xattr.c [PATCH] log more info for directory entry change events 2006-06-20 05:25:28 -04:00