On Fri, Sep 16, 2011 at 09:56:18PM +0400, Vasiliy Kulikov wrote:
...
> >
> > v14: (by Vasiliy Kulikov)
> >  - for security reason map_files/ entries are allowed for
> >    readers with CAP_SYS_ADMIN credentials granted only
>
> This changelog is currently much longer than the commit description text ;)

Yes, I know ;) I would like to keep it (to appreciate everyone who
spent time in review and feedback).

...
>
> > +
> > +	inode = dentry->d_inode;
> > +	task = get_proc_task(inode);
> > +	if (!task)
> > +		goto out_notask;
> > +
> > +	if (!ptrace_may_access(task, PTRACE_MODE_READ))
> > +		goto out;
>
> While this is not needed with capable() check, it's OK to keep it for
> the future more fine-grained access checks.

yeah

>
> BTW, not a big deal, but probably you should return -EACCES on
> !capable() as file presence is not an issue in this case.
>
>     if (!ptrace_may_access(task, PTRACE_MODE_READ))
>         goto out_notask;
>
>     status = -EACCES;
>     if (!capable(CAP_SYS_ADMIN))
>         goto out_notask;
>
>     status = 0;
>

That's not a problem to fix it actually. So can I fix it and put some
tag here (Reviewed or something?).

	Cyrill
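
Review bot: in the quoted hunk, the failure path after get_proc_task() has succeeded is `goto out`, and only the `!task` case uses `goto out_notask`, whereas the suggested -EACCES variant sends both the ptrace_may_access() and the capable(CAP_SYS_ADMIN) failures to `out_notask`. If `out` is where the task reference taken by get_proc_task() is dropped (the label bodies are not visible in the quoted lines), both denial paths should stay `goto out`, otherwise the reference leaks on every refused lookup. Setting `status = -EACCES` just before the capable() check and resetting it to 0 afterwards is fine; alternatively, do the capable() check before get_proc_task() so that no reference is held on the denial path at all.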