Re: /proc parent &proc_root == NULL?

From: Valdis . Kletnieks
Date: Thu Jan 27 2005 - 01:43:12 EST


On Wed, 26 Jan 2005 22:35:18 EST, John Richard Moser said:

> This particular problem pertains to proc_misc.c and trying to create a
> hook for some grsecurity protections that alter the modes on certain
> /proc entries. The chunk of the patch I'm trying to imitate is:

> +#ifdef CONFIG_GRKERNSEC_PROC_ADD
> + create_seq_entry("cpuinfo", gr_mode, &proc_cpuinfo_operations);
> +#else
> create_seq_entry("cpuinfo", 0, &proc_cpuinfo_operations);
> +#endif
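
Review bot: the #ifdef/#else around create_seq_entry("cpuinfo", ...) duplicates the whole call for a one-argument difference, and gr_mode is neither declared nor assigned anywhere in the visible lines. Suggest defining the mode once (a macro or variable that evaluates to 0 when CONFIG_GRKERNSEC_PROC_ADD is unset) and keeping a single create_seq_entry call so the two branches cannot drift apart, with a comment stating which mode bits gr_mode is expected to hold.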

An alternate way to approach this - leave the permissions alone here.

And then use the security_ops->inode_permission() hook to do something like:

	if ((inode == cpuinfo) && (current->fsuid))
		return -EPERM;

Writing the proper tests for whether it's the inode you want and whether to
give the request the kiss-of-death are left as an exercise for the programmer.. ;)

You may want to use a properly timed initcall() to create a callback that
happens after proc_misc_init() happens, but before userspace gets going, and
walk through the /proc tree at that time and cache info on the files you care
about, so you don't have to re-walk /proc every time permission() gets called....

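
The cache-at-init, check-in-hook design suggested in the message above, as an added example that is not part of the original message and is not kernel or grsecurity code. It is a userspace C model: `model_entry`, `cache_walk`, `model_init`, `model_inode_permission`, the inode numbers and the sample tree are all hypothetical stand-ins constructed here.

```c
/* Userspace model with hypothetical names; not kernel code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

struct model_entry {                /* stand-in for a /proc entry */
    const char *name;
    unsigned long ino;              /* stand-in for the inode's identity */
    struct model_entry *next, *subdir;
};
/* Constructed tree: cpuinfo, net/ (with its own "cpuinfo"), uptime. */
static struct model_entry net_cpuinfo = { "cpuinfo", 12, NULL, NULL };
static struct model_entry uptime = { "uptime", 13, NULL, NULL };
static struct model_entry net = { "net", 11, &uptime, &net_cpuinfo };
static struct model_entry root_list = { "cpuinfo", 10, &net, NULL };
static const char *const restricted_paths[] = { "cpuinfo" };
static unsigned long restricted_ino[8];
static size_t n_restricted;

/* One-time walk; matching the full path keeps net/cpuinfo out of the cache. */
static void cache_walk(const struct model_entry *de, const char *prefix) {
    char path[128];
    for (; de; de = de->next) {
        snprintf(path, sizeof path, "%s%s", prefix, de->name);
        for (size_t i = 0; i < sizeof restricted_paths / sizeof *restricted_paths; i++)
            if (n_restricted < 8 && strcmp(path, restricted_paths[i]) == 0)
                restricted_ino[n_restricted++] = de->ino;
        if (!de->subdir) continue;
        strncat(path, "/", sizeof path - strlen(path) - 1);
        cache_walk(de->subdir, path);
    }
}
/* Stand-in for the initcall that runs before userspace starts. */
static size_t model_init(void) {
    n_restricted = 0;
    cache_walk(&root_list, "");
    return n_restricted;
}
/* Stand-in for the permission hook: it only consults the cache. */
static int model_inode_permission(unsigned long ino, unsigned int fsuid) {
    for (size_t i = 0; fsuid != 0 && i < n_restricted; i++)
        if (restricted_ino[i] == ino)
            return -EPERM;
    return 0;
}
int main(void) {
    return model_init() == 1 && model_inode_permission(10, 1000) == -EPERM ? 0 : 1;
}
```

In this model a hook call made before `model_init()` finds an empty cache and denies nothing, which is why the ordering of the real initcall relative to the start of userspace matters.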