|
Message-ID: <CAKTCnznSPoYvjzH_GekABBZ4HkyoQPVjTjBsOjwpVMSxQRxBSA@mail.gmail.com> Date: Mon, 19 Sep 2011 23:17:16 +0530 From: Balbir Singh <bsingharora@...il.com> To: Vasiliy Kulikov <segoon@...nwall.com> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Shailabh Nagar <nagar@...ibm.com>, linux-kernel@...r.kernel.org, security@...nel.org, Eric Paris <eparis@...hat.com>, Stephen Wilson <wilsons@...rt.ca>, KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>, David Rientjes <rientjes@...gle.com>, Andrew Morton <akpm@...ux-foundation.org>, Balbir Singh <balbir@...ux.vnet.ibm.com>, kernel-hardening@...ts.openwall.com Subject: Re: [Security] [PATCH 2/2] taskstats: restrict access to user On Mon, Sep 19, 2011 at 11:09 PM, Vasiliy Kulikov <segoon@...nwall.com> wrote: > On Mon, Sep 19, 2011 at 09:40 -0700, Linus Torvalds wrote: >> diff --git a/kernel/taskstats.c b/kernel/taskstats.c >> index e19ce1454ee1..5874d4866b3c 100644 >> --- a/kernel/taskstats.c >> +++ b/kernel/taskstats.c >> @@ -457,6 +457,8 @@ static int cmd_attr_register_cpumask(struct genl_info *info) >> cpumask_var_t mask; >> int rc; >> >> + if (!capable(CAP_SYS_ADMIN)) >> + return -EPERM; > > Shouldn't it simply protect taskstats_user_cmd()? You may still poll > the counters with TASKSTATS_CMD_ATTR_PID/TASKSTATS_CMD_ATTR_TGID. > Yep, it should if we want to move it all to root access. Balbir
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.