[PATCH] subsystem: proc filesystem

[PATCH] subsystem: proc filesystem

[tux2002]

This patch strengthens file permissions of pid record in proc filesystem. When pid and pidentry records created, his permissions strengthens by creator umask.



./scripts/get_maintainer.pl: No supported VCS found.  Add --nogit to options?

Using a git repository produces better results.

Try Linus Torvalds' latest git repository using:

git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

linux-kernel@vger.kernel.org (open list)





---

--- linux-3.7/fs/proc/base.c.orig	2012-12-11 06:30:57.000000000 +0300

+++ linux-3.7/fs/proc/base.c	2012-12-13 16:48:59.000000000 +0300

@@ -2035,6 +2035,7 @@ static struct dentry *proc_pident_instan

 

 	ei = PROC_I(inode);

 	inode->i_mode = p->mode;

+	inode->i_mode &= ~(mode_t) get_current()->fs->umask;

 	if (S_ISDIR(inode->i_mode))

 		set_nlink(inode, 2);	/* Use getattr to fix if necessary */

 	if (p->iop)

@@ -2856,7 +2857,8 @@ static struct dentry *proc_pid_instantia

 	if (!inode)

 		goto out;

 

-	inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;

+	inode->i_mode = S_IFDIR|S_IRUGO|S_IWUSR|S_IXUGO;

+	inode->i_mode &= ~(mode_t) get_current()->fs->umask;

 	inode->i_op = &proc_tgid_base_inode_operations;

 	inode->i_fop = &proc_tgid_base_operations;

 	inode->i_flags|=S_IMMUTABLE;

---

Re: [PATCH] subsystem: proc filesystem

[Al Viro]

On Thu, Dec 13, 2012 at 05:15:44PM +0400, tux2002@front.ru wrote:
> 
> 
> This patch strengthens file permissions of pid record in proc filesystem. When pid and pidentry records created, his permissions strengthens by creator umask.
> 

NAK.  "Creator" in this case means "whoever had done lookup first".

Re: Re: [PATCH] subsystem: pr­oc filesystem

[tux2002]

Not, this permissions saved for all users for later, check please.



Чтв 13 Дек 2012 20:22:10 +0400, Al Viro <viro@ZenIV.linux.org.uk> написал:

> On Thu, Dec 13, 2012 at 05:15:44PM +0400, tux2002@front.ru wrote:

> > 

> > 

> > This patch strengthens file permissions of pid record in proc filesystem. When pid and pidentry records created, his permissions strengthens by creator umask.

> > 

> 

> NAK.  "Creator" in this case means "whoever had done lookup first".

Re: Re: [PATCH] subsystem: pr??oc filesystem

[Al Viro]

On Sun, Dec 16, 2012 at 04:02:03PM +0400, tux2002@front.ru wrote:
> Not, this permissions saved for all users for later, check please.

... and that's why it's bogus.  umask of whoever had done lookup for
/proc/<something> affects everybody else.  For as long as the thing stays
in dcache.  At which point it's up for grabs (in that sense) again.
Do (umask 777; ls -l /proc) with your kernel and watch the results.
Note that you don't need to be root to cause that - anyone can do it.

Realize that dentries and inodes in /proc/<pid>/* are created on demand
whenever somebody does a lookup.  So running ps(1) suddenly makes you
a creator of a bunch of those.  Unless somebody else had done ps(1) (or
ls -l /proc, or...) first.  Basing any security decisions on _that_ is
insane.