From: Kees Cook <kees.cook@canonical.com>
To: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Arjan van de Ven <arjan@infradead.org>, linux-kernel@vger.kernel.org
Subject: [PATCH v2] proc: show personality via /proc/pid/personality
Date: Sun, 5 Oct 2008 03:14:38 -0700
Message-ID: <20081005101438.GR10632@outflux.net>
In-Reply-To: <20081005091120.GA21003@x200.localdomain>

Make process personality flags visible in /proc.  Since a process's
personality is potentially sensitive (e.g. READ_IMPLIES_EXEC), make this
file only readable by the process owner.

Signed-off-by: Kees Cook <kees.cook@canonical.com>
---
Please revert the prior patch against the "status" file -- this is the
alternative.
---
 fs/proc/array.c    |    8 ++++++++
 fs/proc/base.c     |    2 ++
 fs/proc/internal.h |    2 ++
 3 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/fs/proc/array.c b/fs/proc/array.c
index 71c9be5..6b6b492 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -337,6 +337,14 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
 	return 0;
 }
 
+int proc_pid_personality(struct seq_file *m, struct pid_namespace *ns,
+			struct pid *pid, struct task_struct *task)
+{
+	seq_printf(m, "%08x\n", task->personality);
+
+	return 0;
+}
+
 static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
 			struct pid *pid, struct task_struct *task, int whole)
 {
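
Review bot: proc_pid_personality() prints task->personality with no access check of its own, so the only gate on the value is the S_IRUSR mode on the proc entry, and a file mode is evaluated when the file is opened, not on each read. A descriptor opened by the owner and held across an exec that changes credentials would still be served the new image's flags, which undercuts the changelog's intent of keeping the value owner-only. Consider checking in the handler itself, for example with ptrace_may_access(task, PTRACE_MODE_READ), and returning an error when it fails. A short comment stating the output format (eight hex digits, no 0x prefix, newline terminated) would also help, since userspace parsers will depend on it.
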
diff --git a/fs/proc/base.c b/fs/proc/base.c
index a28840b..c675c62 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2459,6 +2459,7 @@ static const struct pid_entry tgid_base_stuff[] = {
 	REG("environ",    S_IRUSR, environ),
 	INF("auxv",       S_IRUSR, pid_auxv),
 	ONE("status",     S_IRUGO, pid_status),
+	ONE("personality", S_IRUSR, pid_personality),
 	INF("limits",	  S_IRUSR, pid_limits),
 #ifdef CONFIG_SCHED_DEBUG
 	REG("sched",      S_IRUGO|S_IWUSR, pid_sched),
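
Review bot: the added ONE("personality", S_IRUSR, pid_personality) entry creates a new user-visible /proc file, but the diffstat lists only fs/proc/array.c, fs/proc/base.c and fs/proc/internal.h, so nothing documents it. Please describe the file, its owner-read-only mode and the hex output format in Documentation/filesystems/proc.txt as part of this patch.
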
@@ -2794,6 +2795,7 @@ static const struct pid_entry tid_base_stuff[] = {
 	REG("environ",   S_IRUSR, environ),
 	INF("auxv",      S_IRUSR, pid_auxv),
 	ONE("status",    S_IRUGO, pid_status),
+	ONE("personality", S_IRUSR, pid_personality),
 	INF("limits",	 S_IRUSR, pid_limits),
 #ifdef CONFIG_SCHED_DEBUG
 	REG("sched",     S_IRUGO|S_IWUSR, pid_sched),
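
Review bot: the entry added to tid_base_stuff[] also exposes the file per thread, while the subject and changelog mention only /proc/pid/personality. Please say in the changelog that the per-thread file is intentional, so readers know both paths exist and carry the same S_IRUSR restriction.
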
diff --git a/fs/proc/internal.h b/fs/proc/internal.h
index 4422023..747e3de 100644
--- a/fs/proc/internal.h
+++ b/fs/proc/internal.h
@@ -53,6 +53,8 @@ extern int proc_tgid_stat(struct seq_file *m, struct pid_namespace *ns,
 				struct pid *pid, struct task_struct *task);
 extern int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
 				struct pid *pid, struct task_struct *task);
+extern int proc_pid_personality(struct seq_file *m, struct pid_namespace *ns,
+				struct pid *pid, struct task_struct *task);
 extern int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
 				struct pid *pid, struct task_struct *task);
 extern loff_t mem_lseek(struct file *file, loff_t offset, int orig);
-- 
1.5.6.3


-- 
Kees Cook
Ubuntu Security Team
