Hi, Greg,
In the case that threads in the same group try to access one of their
/proc/$PID/{stat,exe,etc.}, the thread only gets 0 at some fields, like
eip. This is because that these interfaces only allows the same task to
get these data. But one thread should not deny the access from another
thread in `the same group.
The testcase is:
=====================
#include <sys/types.h>
#include <pthread.h>
#include <stdio.h>
#include <unistd.h>
#include <asm/unistd.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
pid_t tid = 0;
void print_stat_eip(pid_t child)
{
int fd, i;
char buf[4096], *str, *part;
sprintf(buf, "/proc/%d/stat", child);
fd = open(buf, O_RDONLY);
read(fd, buf, 4096);
close(fd);
buf[4095] = '\0';
str = buf;
part = strtok(str, " ");
i = 0;
while (part) {
i++;
if (i == 30) { // eip
printf("eip: %s\n", part);
break;
}
part = strtok(NULL, " ");
}
}
void *child_func(void *arg)
{
tid = syscall(__NR_gettid);
while(1)
sleep(10000);
return NULL;
}
int main(int argc, char **argv)
{
pthread_t child;
setuid(1000); // 1000 is the uid of a non-root user
pthread_create(&child, NULL, child_func, NULL);
sleep(1);
print_stat_eip(tid);
}
=====================
The following two patches fix this.
thanks,
Sheng
Mark Grondona (1):
__ptrace_may_access() should not deny sub-threads
Oleg Nesterov (1):
include/linux/sched.h: don't use task->pid/tgid in
same_thread_group/has_group_leader_pid
include/linux/sched.h | 8 ++++----
kernel/ptrace.c | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
--
1.8.3.4
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html