提交 da58a161 编写于 作者: A Alexey Dobriyan 提交者: Linus Torvalds

/proc/*/environ: wrong placing of ptrace_may_attach() check

It's a bit dopey-looking and can permit a task to cause a pagefault in an mm
which it doesn't have permission to read from.
Signed-off-by: NAlexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
上级 7126dd05
...@@ -204,12 +204,17 @@ static int proc_pid_environ(struct task_struct *task, char * buffer) ...@@ -204,12 +204,17 @@ static int proc_pid_environ(struct task_struct *task, char * buffer)
int res = 0; int res = 0;
struct mm_struct *mm = get_task_mm(task); struct mm_struct *mm = get_task_mm(task);
if (mm) { if (mm) {
unsigned int len = mm->env_end - mm->env_start; unsigned int len;
res = -ESRCH;
if (!ptrace_may_attach(task))
goto out;
len = mm->env_end - mm->env_start;
if (len > PAGE_SIZE) if (len > PAGE_SIZE)
len = PAGE_SIZE; len = PAGE_SIZE;
res = access_process_vm(task, mm->env_start, buffer, len, 0); res = access_process_vm(task, mm->env_start, buffer, len, 0);
if (!ptrace_may_attach(task)) out:
res = -ESRCH;
mmput(mm); mmput(mm);
} }
return res; return res;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册