git://ftp.safe.ca / safe / jmp / linux-2.6 / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7126dd0)
/proc/*/environ: wrong placing of ptrace_may_attach() check
authorAlexey Dobriyan <adobriyan@sw.ru>
Mon, 16 Jul 2007 06:40:21 +0000 (23:40 -0700)
committerLinus Torvalds <torvalds@woody.linux-foundation.org>
Mon, 16 Jul 2007 16:05:44 +0000 (09:05 -0700)
It's a bit dopey-looking and can permit a task to cause a pagefault in an mm
which it doesn't have permission to read from.

Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
fs/proc/base.c patch | blob | history

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 46ea5d5..d092194 100644 (file)
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -204,12 +204,17 @@ static int proc_pid_environ(struct task_struct *task, char * buffer)
        int res = 0;
        struct mm_struct *mm = get_task_mm(task);
        if (mm) {
-               unsigned int len = mm->env_end - mm->env_start;
+               unsigned int len;
+
+               res = -ESRCH;
+               if (!ptrace_may_attach(task))
+                       goto out;
+
+               len  = mm->env_end - mm->env_start;
                if (len > PAGE_SIZE)
                        len = PAGE_SIZE;
                res = access_process_vm(task, mm->env_start, buffer, len, 0);
-               if (!ptrace_may_attach(task))
-                       res = -ESRCH;
+out:
                mmput(mm);
        }
        return res;
Full containers within linux kernel