提交 8948e11f 编写于 作者: A Alexey Dobriyan 提交者: Linus Torvalds

Allow access to /proc/$PID/fd after setuid()

/proc/$PID/fd has r-x------ permissions, so if process does setuid(), it
will not be able to access /proc/*/fd/. This breaks fstatat() emulation
in glibc.

open("foo", O_RDONLY|O_DIRECTORY)       = 4
setuid32(65534)                         = 0
stat64("/proc/self/fd/4/bar", 0xbfafb298) = -1 EACCES (Permission denied)
Signed-off-by: NAlexey Dobriyan <adobriyan@openvz.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: James Morris <jmorris@namei.org>
Cc: Chris Wright <chrisw@sous-sol.org>
Cc: Ulrich Drepper <drepper@redhat.com>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Acked-By: NKirill Korotaev <dev@openvz.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
上级 ab1b6f03
...@@ -1447,11 +1447,29 @@ static const struct file_operations proc_fd_operations = { ...@@ -1447,11 +1447,29 @@ static const struct file_operations proc_fd_operations = {
.readdir = proc_readfd, .readdir = proc_readfd,
}; };
/*
* /proc/pid/fd needs a special permission handler so that a process can still
* access /proc/self/fd after it has executed a setuid().
*/
static int proc_fd_permission(struct inode *inode, int mask,
struct nameidata *nd)
{
int rv;
rv = generic_permission(inode, mask, NULL);
if (rv == 0)
return 0;
if (task_pid(current) == proc_pid(inode))
rv = 0;
return rv;
}
/* /*
* proc directories can do almost nothing.. * proc directories can do almost nothing..
*/ */
static const struct inode_operations proc_fd_inode_operations = { static const struct inode_operations proc_fd_inode_operations = {
.lookup = proc_lookupfd, .lookup = proc_lookupfd,
.permission = proc_fd_permission,
.setattr = proc_setattr, .setattr = proc_setattr,
}; };
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册