On Tue, Sep 13, 2005 at 04:30:43PM -0500, Sripathi Kodi wrote:
> Al Viro wrote:
> >
> >Well... If exposing the list of tasks in a group is OK, we can just leave
> >->permission NULL for that sucker. If it's not (and arguably it can be
> >sensitive information), we have a bigger problem - right now chroot
> >boundary
> >is the only control we have there; normally anyone can ls
> >/proc/<whatever>/task
> >and see other threads.
> >
>
> Al, I understand that we can't set ->permission to NULL as it removes the
> chroot boundary check. If I understood you correctly, we need to put
> additional checks in proc_permission to ensure anyone doing ls
> /proc/<pid>/task won't be able to see other threads.
Wrong. We need a separate function, _not_ modifying proc_permssion().
If we need ->permission() at all, that is - note that anyone can do
ls /proc/<pid>/task on other users' process.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
|
|