From: Cyrill Gorcunov <gorcunov@gmail.com>
To: Oleg Nesterov <oleg@redhat.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Pavel Emelyanov <xemul@parallels.com>,
Serge Hallyn <serge.hallyn@canonical.com>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>,
Tejun Heo <tj@kernel.org>, Andrew Vagin <avagin@openvz.org>,
Vasiliy Kulikov <segoon@openwall.com>
Subject: Re: [RFC] fs, proc: Introduce /proc/<pid>/task/<tid>/children entry v5
Date: Sun, 15 Jan 2012 22:31:45 +0400 [thread overview]
Message-ID: <20120115183145.GH3186@moon> (raw)
In-Reply-To: <20120115180721.GA23810@redhat.com>
On Sun, Jan 15, 2012 at 07:07:21PM +0100, Oleg Nesterov wrote:
> On 12/28, Cyrill Gorcunov wrote:
> >
> > When we do checkpoint of a task we need to know the list of children
> > the task has but there is no easy way to make a reverse parent->children
> > chain from an arbitrary <pid> (while a parent pid is provided in "PPid"
> > field of /proc/<pid>/status).
>
> Looks correct at first glance... But I'll try to recheck. I guess you need
> to resend anyway, I bet nobody can recall this patch ;)
>
Sure ;)
> However I do not understand the ptrace_may_access() check at all.
>
...
> Well, this is cosmetic, but imho
>
> if (list_is_last(...))
> goto out;
>
> task = list_first_entry(...);
> ...
>
> looks better.
>
ok
>
> > + list_for_each_entry(task, &start->children, sibling) {
> > + if (pos-- == 0) {
> > + if (ptrace_may_access(task, PTRACE_MODE_READ)) {
> > + pid = get_pid(task_pid(task));
> > + goto out;
> > + } else {
> > + /* Maybe we success with the next children */
> > + pos++;
>
> Again. I simply can't understand what ptrace_may_access() actually
> means. Why do we use the possible child, not parent?
>
> IOW. I have no idea if we really need any security check at all.
> You can find the children pids without this patch anyway via.
> grep PPid /proc/*/status.
>
OK, I see. I am actually not sure which behaviour should be there.
What should we do if say we have a task with a number of children,
which changed permissions of own and some of children. Look what I mean.
We have say tid A, which has children B C D, and when we read
/proc/pid/task/tid/children we should see "B C D" here. But
what if say A started with roots rights, then changed own permission
so everyone could read this /proc/pid/task/<A>/children, but
left C with root permissions only. So should we list C here?
Or such scenario is impossible at all?
> But if you want ptrace_may_access/whatever, you should check
> ptrace_may_access(start), no?
>
Cyrill
next prev parent reply other threads:[~2012-01-15 18:31 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-28 12:14 [RFC] fs, proc: Introduce /proc/<pid>/task/<tid>/children entry v5 Cyrill Gorcunov
2012-01-15 18:07 ` Oleg Nesterov
2012-01-15 18:31 ` Cyrill Gorcunov [this message]
2012-01-15 18:48 ` Oleg Nesterov
2012-01-15 18:57 ` Cyrill Gorcunov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120115183145.GH3186@moon \
--to=gorcunov@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=avagin@openvz.org \
--cc=kamezawa.hiroyu@jp.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=oleg@redhat.com \
--cc=segoon@openwall.com \
--cc=serge.hallyn@canonical.com \
--cc=tj@kernel.org \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox