Re: [PATCH 2.6.13.1] Patch for invisible threads

On Fri, Sep 16, 2005 at 02:05:35PM -0400, Daniel Jacobowitz wrote:
> On Fri, Sep 16, 2005 at 08:46:06AM +0100, Al Viro wrote:
> > > Further, about actual permission checks that we are doing, can we say: "A 
> > > process should be able to see /proc/<pid>/task/* of another process only if 
> > > they both belong to same uid or reader is root"? But any such change will 
> > > change the behavior of commands like 'ps', right?
> > 
> > Right.  The real question is whether the current behaviour makes any sense.
> > I've no objections to your patch + modification above, but I really wonder
> > if we should keep current rules in that area.
> 
> Why should there be any more restrictions on /proc/<pid>/task than
> there are in /proc?  Threads are not listed in the latter, but that's
> strictly for performance/usability; you can enumerate threads in /proc
> by just trying all the valid PIDs.

But we *do* see processes outside of chroot jail in /proc.  That's the
point - we have seriously inconsistent rules here.
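
Added example, not part of the original thread: a visibility check for the point quoted above, that threads are absent from the /proc directory listing yet still reachable by looking up /proc/<tid> directly. It inspects only its own process; it assumes Linux with procfs mounted at /proc and Python 3.8+ (for `threading.get_native_id`), and the function names are hypothetical.

```python
import os
import threading

PROC = "/proc"  # assumption: procfs is mounted at the usual location


def listed_pids(proc=PROC):
    """Numeric entries returned by listing /proc (thread-group leaders)."""
    return {int(n) for n in os.listdir(proc) if n.isdigit()}


def task_ids(pid, proc=PROC):
    """Thread IDs listed under /proc/<pid>/task."""
    return {int(n) for n in os.listdir(f"{proc}/{pid}/task") if n.isdigit()}


def reachable(tid, proc=PROC):
    """True if /proc/<tid> resolves by direct lookup, listed or not."""
    return os.path.isdir(f"{proc}/{tid}")


def audit_own_threads():
    """Start one worker thread and report how each view of /proc sees it."""
    started, stop = threading.Event(), threading.Event()
    info = {}

    def worker():
        info["tid"] = threading.get_native_id()  # kernel TID of this thread
        started.set()
        stop.wait()  # stay alive while the main thread inspects /proc

    t = threading.Thread(target=worker)
    t.start()
    started.wait()
    try:
        pid, tid = os.getpid(), info["tid"]
        return {
            "tid_is_not_leader": tid != pid,
            "in_task_dir": tid in task_ids(pid),
            "in_proc_listing": tid in listed_pids(),
            "reachable_by_lookup": reachable(tid),
        }
    finally:
        stop.set()
        t.join()


if __name__ == "__main__":
    for key, value in audit_own_threads().items():
        print(f"{key}: {value}")
```

A defender comparing these views should treat the directory listing as a convenience, not as a boundary: an ID that is missing from the listing can still be opened by name.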