From: Al Viro <viro@ZenIV.linux.org.uk>
To: Sripathi Kodi <sripathik@in.ibm.com>
Cc: Linus Torvalds <torvalds@osdl.org>, Andrew Morton <akpm@osdl.org>,
linux-kernel@vger.kernel.org, patrics@interia.pl,
Ingo Molnar <mingo@elte.hu>, Roland McGrath <roland@redhat.com>
Subject: Re: [PATCH 2.6.13.1] Patch for invisible threads
Date: Thu, 15 Sep 2005 02:18:50 +0100 [thread overview]
Message-ID: <20050915011850.GZ25261@ZenIV.linux.org.uk> (raw)
In-Reply-To: <4328C0D0.6000909@in.ibm.com>
On Wed, Sep 14, 2005 at 07:31:12PM -0500, Sripathi Kodi wrote:
> I can move this code from proc_root_link() to proc_check_root(), but it
> will still not be completely limited to ->permission() path. I can create a
> separate ->permission() for proc_task_inode_operations, and have this
> additional code there. If I do that, I think I will have to duplicate much
> of proc_check_root(). Or else, I will have to split proc_check_root() into
> two functions to prevent code duplication. Please let me know if any of
> these makes sense, and I will send another patch.
The last variant would be preferable if we go in that direction...
> If you don't like this idea at all, please let me know if there any other
> way of solving the invisible threads problem, short of taking out
> ->permission() altogether from proc_task_inode_operations.
Frankly, I don't see the rationale for combination of
* allowing anyone see all processes in top-level directory and
visit their directories, chroot or not
* allowing anyone see /proc/<pid>/task/*, unless separated by
chroot (note that we allow that regardless of process ownership, etc.)
* disallowing to see /proc/<pid>/task/* if leader is or used to be
outside of our chroot.
IOW, it's either too weak or too strong; current rules make very little
sense, regardless of the behaviour when group leader dies.
next prev parent reply other threads:[~2005-09-15 1:18 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-09-12 17:46 [PATCH 2.6.13.1] Patch for invisible threads Sripathi Kodi
2005-09-12 20:49 ` Andrew Morton
2005-09-13 13:10 ` Sripathi Kodi
2005-09-13 14:53 ` Linus Torvalds
2005-09-13 16:51 ` Al Viro
2005-09-13 17:01 ` Linus Torvalds
2005-09-13 17:12 ` Al Viro
2005-09-13 21:30 ` Sripathi Kodi
2005-09-13 21:56 ` Roland McGrath
2005-09-13 21:57 ` Al Viro
2005-09-13 23:10 ` Linus Torvalds
2005-09-14 1:47 ` Sripathi Kodi
2005-09-14 1:52 ` Al Viro
2005-09-14 14:37 ` Bill Davidsen
2005-09-15 0:30 ` Sripathi Kodi
2005-09-14 1:50 ` Al Viro
2005-09-15 0:31 ` Sripathi Kodi
2005-09-15 0:55 ` Roland McGrath
2005-09-15 1:38 ` Sripathi Kodi
2005-09-15 2:12 ` Al Viro
2005-09-15 7:29 ` Roland McGrath
2005-09-15 1:18 ` Al Viro [this message]
2005-09-16 0:54 ` Sripathi Kodi
2005-09-16 7:46 ` Al Viro
2005-09-16 15:06 ` Sripathi Kodi
2005-09-16 18:05 ` Daniel Jacobowitz
2005-09-16 18:14 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050915011850.GZ25261@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=akpm@osdl.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=patrics@interia.pl \
--cc=roland@redhat.com \
--cc=sripathik@in.ibm.com \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.