Re: [PATCH 1/2] break out page allocation warning code

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> On Thu, 2011-04-21 at 10:29 +0900, KOSAKI Motohiro wrote:
> > And one correction.
> > ------------------------------------------------------------------
> > static ssize_t comm_write(struct file *file, const char __user *buf,
> >                                 size_t count, loff_t *offset)
> > {
> >         struct inode *inode = file->f_path.dentry->d_inode;
> >         struct task_struct *p;
> >         char buffer[TASK_COMM_LEN];
> > 
> >         memset(buffer, 0, sizeof(buffer));
> >         if (count > sizeof(buffer) - 1)
> >                 count = sizeof(buffer) - 1;
> >         if (copy_from_user(buffer, buf, count))
> >                 return -EFAULT;
> > 
> >         p = get_proc_task(inode);
> >         if (!p)
> >                 return -ESRCH;
> > 
> >         if (same_thread_group(current, p))
> >                 set_task_comm(p, buffer);
> >         else
> >                 count = -EINVAL;
> > ------------------------------------------------------------------
> > 
> > This code doesn't have proper credential check. IOW, you forgot to
> > pthread_setuid_np() case.
> 
> Sorry, could you expand on this a bit? Google isn't coming up with much
> for pthread_setuid_np. Can a thread actually end up with different uid
> then the process it is a member of?

Yes. Linux kernel _always_ only care per-thread uid.
glibc 2.3.3 or earlier, it use kernel syscall straight forward. and then
userland application also don't have a way to change per-process uid.

glbc 2.3.4 or later, glibc implement per-process setuid by using signal
for inter thread communication. (ie, every thread call setuid() syscall
internally). Hm, currently pthread_setuid_np don't have proper exported
header file. so, parpaps, we need to only worry about syscall(NR_uid) and
old libc?

Anyway, If you see task_struct definition, you can easily find it has
cred.

Thanks.

> 
> Or is same_thread_group not really what I think it is? What would be a
> better way to check that the two threads are members of the same
> process?
> 
> thanks
> -john
> 
> 



--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxxx  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>
[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]