[PATCH] proc: show personality via /proc/pid/personality

Make process personality flags visible in /proc. Since a process's personality is potentially sensitive (e.g. READ_IMPLIES_EXEC), make this file only readable by the process owner. Signed-off-by: N Kees Cook <kees.cook@canonical.com> Signed-off-by: N Alexey Dobriyan <adobriyan@gmail.com>

[PATCH] proc: show personality via /proc/pid/personality
Make process personality flags visible in /proc. Since a process's personality is potentially sensitive (e.g. READ_IMPLIES_EXEC), make this file only readable by the process owner. Signed-off-by: N Kees Cook <kees.cook@canonical.com> Signed-off-by: N Alexey Dobriyan <adobriyan@gmail.com>
47830723 · Kees Cook · Alexey Dobriyan · a6bebbc8 · 47830723
隐藏空白更改
内联并排

Showing with 9 addition and 0 deletion

fs/proc/base.c fs/proc/base.c +9 -0

未找到文件。
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2438,6 +2438,13 @@ static int proc_tgid_io_accounting(struct task_struct *task, char *buffer)
 }
 #endif /* CONFIG_TASK_IO_ACCOUNTING */
+static int proc_pid_personality(struct seq_file *m, struct pid_namespace *ns,
+				struct pid *pid, struct task_struct *task)
+{
+	seq_printf(m, "%08x\n", task->personality);
+	return 0;
+}
 /*
 * Thread groups
 */
@@ -2454,6 +2461,7 @@ static const struct pid_entry tgid_base_stuff[] = {
 	REG("environ",    S_IRUSR, environ),
 	INF("auxv",       S_IRUSR, pid_auxv),
 	ONE("status",     S_IRUGO, pid_status),
+	ONE("personality", S_IRUSR, pid_personality),
 	INF("limits",	  S_IRUSR, pid_limits),
 #ifdef CONFIG_SCHED_DEBUG
 	REG("sched",      S_IRUGO|S_IWUSR, pid_sched),
@@ -2789,6 +2797,7 @@ static const struct pid_entry tid_base_stuff[] = {
 	REG("environ",   S_IRUSR, environ),
 	INF("auxv",      S_IRUSR, pid_auxv),
 	ONE("status",    S_IRUGO, pid_status),
+	ONE("personality", S_IRUSR, pid_personality),
 	INF("limits",	 S_IRUSR, pid_limits),
 #ifdef CONFIG_SCHED_DEBUG
 	REG("sched",     S_IRUGO|S_IWUSR, pid_sched),