Message-ID: <1432006160.2870.138.camel@perches.com>
Subject: Re: [PATCH v5] procfs: Always expose /proc//map_files/ and make it readable
From: Joe Perches
To: Calvin Owens
Cc: Andrew Morton, Alexey Dobriyan, "Eric W. Biederman", Al Viro, Miklos Szeredi, Zefan Li, Oleg Nesterov, David Howells, linux-kernel@vger.kernel.org, kernel-team@fb.com, Andy Lutomirski, Kees Cook, "Kirill A. Shutemov"
Date: Mon, 18 May 2015 20:29:20 -0700
In-Reply-To: <1432005006-3428-1-git-send-email-calvinowens@fb.com>
References: <20150214204009.GA1763278@mail.thefacebook.com> <1432005006-3428-1-git-send-email-calvinowens@fb.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 2015-05-18 at 20:10 -0700, Calvin Owens wrote:
> Currently, /proc//map_files/ is restricted to CAP_SYS_ADMIN, and
> is only exposed if CONFIG_CHECKPOINT_RESTORE is set. This interface is
> very useful for enumerating the files mapped into a process when the
> more verbose information in /proc//maps is not needed. It also
> allows access to file descriptors for files that have been deleted and
> closed but are still mmapped into a process, which can be very useful
> for introspection and debugging.

style trivia:

> diff --git a/fs/proc/base.c b/fs/proc/base.c [] > +/* > + * Enforce stronger PTRACE_MODE_ATTACH permissions on the symlinks under > + * /proc//map_files, since these links may refer to deleted or O_TMPFILE > + * files that users might assume are inaccessible regardless of their > + * ownership/permissions. > + */ > +static void *proc_map_files_follow_link(struct dentry *dentry, struct nameidata *nd) > +{ > + struct inode *inode = d_inode(dentry); > + struct task_struct *task; > + int allowed = 0; > + > + task = get_proc_task(inode); > + if (task) { > + allowed = ptrace_may_access(task, PTRACE_MODE_ATTACH); > + put_task_struct(task); > + } else { > + return ERR_PTR(-ESRCH); > + } > + > + if (!allowed) > + return ERR_PTR(-EACCES); > + > + return proc_pid_follow_link(dentry, nd); > +}

It'd perhaps be clearer to read this with an immediate
return after a failure in get_proc_task.

Maybe something like (move initializations as desired):

static void *proc_map_files_follow_link(struct dentry *dentry, struct nameidata *nd)
{
	int allowed;
	struct inode *inode = d_inode(dentry);
	struct task_struct *task = get_proc_task(inode);

	if (!task)
		return ERR_PTR(-ESRCH);

	allowed = ptrace_may_access(task, PTRACE_MODE_ATTACH);
	put_task_struct(task);
	if (!allowed)
		return ERR_PTR(-EACCES);

	return proc_pid_follow_link(dentry, nd);
}
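
Review bot: in proc_map_files_follow_link(), the initializer in "int allowed = 0;" is never read, because the else branch returns ERR_PTR(-ESRCH) before the "if (!allowed)" test and the only other path assigns the variable first. ptrace_may_access() returns bool, so declaring "bool allowed;" with no initializer would match the return type and let the compiler warn if a later change adds a path that tests it unset. Separately, the comment above the function says the check is "stronger" without naming what it is stronger than; one more line stating the baseline check that applies to the rest of /proc//map_files would make the intent reviewable from this hunk alone.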