[PATCH] Call security hook from pid*_revalidate

From: Stephen Smalley <sds@epoch.ncsc.mil> This patch against 2.6.0-test3-mm3 adds calls to the security_task_to_inode hook to the pid*_revalidate functions to ensure that the inode security field is also updated appropriately for /proc/pid inodes. This corresponds with the uid/gid update performed by the proc-pid-setuid-ownership-fix.patch that is already in -mm3.

[PATCH] Call security hook from pid*_revalidate
From: Stephen Smalley <sds@epoch.ncsc.mil> This patch against 2.6.0-test3-mm3 adds calls to the security_task_to_inode hook to the pid*_revalidate functions to ensure that the inode security field is also updated appropriately for /proc/pid inodes. This corresponds with the uid/gid update performed by the proc-pid-setuid-ownership-fix.patch that is already in -mm3.
7909c355 · Andrew Morton · Linus Torvalds · d24db0a5 · 7909c355
Commit 7909c355 authored Aug 31, 2003 by Andrew Morton Committed by Linus Torvalds Aug 31, 2003
Hide whitespace changes
Inline Side-by-side

Showing with 22 additions and 9 deletions

fs/proc/base.c fs/proc/base.c +22 -9

No files found.
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -870,11 +870,17 @@ static struct inode *proc_pid_make_inode(struct super_block * sb, struct task_st
 */
 static int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
 {
-	if (pid_alive(proc_task(dentry->d_inode))) {
+	struct inode *inode = dentry->d_inode;
-		struct task_struct *task = proc_task(dentry->d_inode);
+	struct task_struct *task = proc_task(inode);
+	if (pid_alive(task)) {
-		dentry->d_inode->i_uid = task->euid;
+		if (proc_type(inode) == PROC_PID_INO || task_dumpable(task)) {
-		dentry->d_inode->i_gid = task->egid;
+			inode->i_uid = task->euid;
+			inode->i_gid = task->egid;
+		} else {
+			inode->i_uid = 0;
+			inode->i_gid = 0;
+		}
+		security_task_to_inode(task, inode);
 		return 1;
 	}
 	d_drop(dentry);
@@ -883,8 +889,9 @@ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
 static int pid_fd_revalidate(struct dentry *dentry, struct nameidata *nd)
 {
-	struct task_struct *task = proc_task(dentry->d_inode);
+	struct inode *inode = dentry->d_inode;
-	int fd = proc_type(dentry->d_inode) - PROC_PID_FD_DIR;
+	struct task_struct *task = proc_task(inode);
+	int fd = proc_type(inode) - PROC_PID_FD_DIR;
 	struct files_struct *files;
 	task_lock(task);
@@ -897,8 +904,14 @@ static int pid_fd_revalidate(struct dentry *dentry, struct nameidata *nd)
 		if (fcheck_files(files, fd)) {
 			spin_unlock(&files->file_lock);
 			put_files_struct(files);
-			dentry->d_inode->i_uid = task->euid;
+			if (task_dumpable(task)) {
-			dentry->d_inode->i_gid = task->egid;
+				inode->i_uid = task->euid;
+				inode->i_gid = task->egid;
+			} else {
+				inode->i_uid = 0;
+				inode->i_gid = 0;
+			}
+			security_task_to_inode(task, inode);
 			return 1;
 		}
 		spin_unlock(&files->file_lock);