| Message ID | 20180511093613.GA1330@comp-core-i7-2640m-0182e6 (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 05/11/2018 02:36 AM, Alexey Gladkov wrote: > From: Djalal Harouni <tixxdz@gmail.com> > > If "limit_pids=1" mount option is set then do not instantiate pids that > we can not ptrace. "limit_pids=1" means that procfs should only contain > pids that the caller can ptrace. Where can I find documentation on these mount options (pidonly, limit_pids)? Thanks. > Cc: Kees Cook <keescook@chromium.org> > Cc: Andy Lutomirski <luto@kernel.org> > Signed-off-by: Djalal Harouni <tixxdz@gmail.com> > --- > fs/proc/base.c | 9 +++++++++ > 1 file changed, 9 insertions(+)
On Fri, May 11, 2018 at 2:46 AM Alexey Gladkov <gladkov.alexey@gmail.com> wrote: > + /* Limit procfs to only ptracable tasks */ > + if (limit_pids == PROC_LIMIT_PIDS_PTRACE) { > + cond_resched(); > + if (!has_pid_permissions(fs_info, task, HIDEPID_NO_ACCESS)) > + goto out_put_task; > + } Where did that "cond_resched()" come from? That doesn't seem to make a lot of sense. Linus
On Fri, May 11, 2018 at 09:45:33AM -0700, Linus Torvalds wrote: > On Fri, May 11, 2018 at 2:46 AM Alexey Gladkov <gladkov.alexey@gmail.com> > wrote: > > > + /* Limit procfs to only ptracable tasks */ > > + if (limit_pids == PROC_LIMIT_PIDS_PTRACE) { > > + cond_resched(); > > + if (!has_pid_permissions(fs_info, task, > HIDEPID_NO_ACCESS)) > > + goto out_put_task; > > + } > > Where did that "cond_resched()" come from? That doesn't seem to make a lot > of sense. This call came along with has_pid_permissions from proc_pid_readdir [1]. It seems to me that proc_pid_readdir and proc_pid_lookup should act in a similar way in this case. [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ba4bceef23206349d4130ddf140819b365de7c8
On Fri, May 11, 2018 at 09:09:04AM -0700, Randy Dunlap wrote: > On 05/11/2018 02:36 AM, Alexey Gladkov wrote: > > From: Djalal Harouni <tixxdz@gmail.com> > > > > If "limit_pids=1" mount option is set then do not instantiate pids that > > we can not ptrace. "limit_pids=1" means that procfs should only contain > > pids that the caller can ptrace. > > Where can I find documentation on these mount options (pidonly, limit_pids)? The documentation is not ready yet. It will be added in the next version of the patchset.
diff --git a/fs/proc/base.c b/fs/proc/base.c index 6f084344..31baeef 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -3187,6 +3187,7 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign unsigned tgid; struct proc_fs_info *fs_info = proc_sb(dir->i_sb); struct pid_namespace *ns = fs_info->pid_ns; + int limit_pids = proc_fs_limit_pids(fs_info); tgid = name_to_int(&dentry->d_name); if (tgid == ~0U) @@ -3200,7 +3201,15 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign if (!task) goto out; + /* Limit procfs to only ptracable tasks */ + if (limit_pids == PROC_LIMIT_PIDS_PTRACE) { + cond_resched(); + if (!has_pid_permissions(fs_info, task, HIDEPID_NO_ACCESS)) + goto out_put_task; + } + result = proc_pid_instantiate(dir, dentry, task, NULL); +out_put_task: put_task_struct(task); out: return ERR_PTR(result);