• Eric W. Biederman's avatar
    [PATCH] proc: Properly filter out files that are not visible to a process · 0f2fe20f
    Eric W. Biederman authored
    Long ago and far away in 2.2 we started checking to ensure the files we
    displayed in /proc were visible to the current process.  It was an
    unsophisticated time and no one was worried about functions full of FIXMES in
    a stable kernel.  As time passed the function became sacred and was enshrined
    in the shrine of how things have always been.  The fixes came in but only to
    keep the function working no one really remembering or documenting why we did
    things that way.
    
    The intent and the functionality make a lot of sense.  Don't let /proc be an
    access point for files a process can see no other way.  The implementation
    however is completely wrong.
    
    We are currently checking the root directories of the two processes, we are
    not checking the actual file descriptors themselves.
    
    We are strangely checking with a permission method instead of just when we use
    the data.
    
    This patch fixes the logic to actually check the file descriptors and make a
    note that implementing a permission method for this part of /proc almost
    certainly indicates a bug in the reasoning.
    Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
    Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
    0f2fe20f
base.c 53.7 KB