Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20110615165140.GA17909@albatros>
Date: Wed, 15 Jun 2011 20:51:40 +0400
From: Vasiliy Kulikov <segoon@...nwall.com>
To: kernel-hardening@...ts.openwall.com
Subject: Re: [RFC 2/5 v3] procfs: add hidepid= and gid=
 mount options

Solar,

On Wed, Jun 15, 2011 at 18:22 +0400, Solar Designer wrote:
> On Wed, Jun 15, 2011 at 05:58:05PM +0400, Vasiliy Kulikov wrote:
> > +	if (pid->hide_pid &&
> > +	    !ptrace_may_access(task, PTRACE_MODE_READ) &&
> > +	    !in_group_p(pid->pid_gid)) {
> 
> I think ptrace_may_access() involves capable() in some cases (when
> access would otherwise be denied).  Thus, in order not to raise the used
> privs flag unnecessarily, you need to check it last - after checking
> in_group_p().

Yep, fixed here and in one more place, thanks.

-- 
Vasiliy

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.