[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKTCnznSPoYvjzH_GekABBZ4HkyoQPVjTjBsOjwpVMSxQRxBSA@mail.gmail.com>
Date: Mon, 19 Sep 2011 23:17:16 +0530
From: Balbir Singh <bsingharora@...il.com>
To: Vasiliy Kulikov <segoon@...nwall.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Shailabh Nagar <nagar@...ibm.com>,
linux-kernel@...r.kernel.org, security@...nel.org,
Eric Paris <eparis@...hat.com>, Stephen Wilson <wilsons@...rt.ca>,
KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>, David Rientjes <rientjes@...gle.com>,
Andrew Morton <akpm@...ux-foundation.org>, Balbir Singh <balbir@...ux.vnet.ibm.com>,
kernel-hardening@...ts.openwall.com
Subject: Re: [Security] [PATCH 2/2] taskstats: restrict access to user
On Mon, Sep 19, 2011 at 11:09 PM, Vasiliy Kulikov <segoon@...nwall.com> wrote:
> On Mon, Sep 19, 2011 at 09:40 -0700, Linus Torvalds wrote:
>> diff --git a/kernel/taskstats.c b/kernel/taskstats.c
>> index e19ce1454ee1..5874d4866b3c 100644
>> --- a/kernel/taskstats.c
>> +++ b/kernel/taskstats.c
>> @@ -457,6 +457,8 @@ static int cmd_attr_register_cpumask(struct genl_info *info)
>> cpumask_var_t mask;
>> int rc;
>>
>> + if (!capable(CAP_SYS_ADMIN))
>> + return -EPERM;
>
> Shouldn't it simply protect taskstats_user_cmd()? You may still poll
> the counters with TASKSTATS_CMD_ATTR_PID/TASKSTATS_CMD_ATTR_TGID.
>
Yep, it should if we want to move it all to root access.
Balbir
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
