On Mon, May 18, 2015 at 02:07:22AM +0000, Sheng Yong wrote:
> Hi, Greg,
>
> In the case that threads in the same group try to access one of their
> /proc/$PID/{stat,exe,etc.}, the thread only gets 0 at some fields, like
> eip. This is because that these interfaces only allows the same task to
> get these data. But one thread should not deny the access from another
> thread in `the same group.
>
> The testcase is:
> =====================
> #include <sys/types.h>
> #include <pthread.h>
> #include <stdio.h>
> #include <unistd.h>
> #include <asm/unistd.h>
> #include <fcntl.h>
> #include <string.h>
> #include <sys/stat.h>
>
> pid_t tid = 0;
>
> void print_stat_eip(pid_t child)
> {
> int fd, i;
> char buf[4096], *str, *part;
>
> sprintf(buf, "/proc/%d/stat", child);
>
> fd = open(buf, O_RDONLY);
> read(fd, buf, 4096);
> close(fd);
> buf[4095] = '\0';
>
> str = buf;
>
> part = strtok(str, " ");
> i = 0;
> while (part) {
> i++;
> if (i == 30) { // eip
> printf("eip: %s\n", part);
> break;
> }
> part = strtok(NULL, " ");
> }
> }
>
> void *child_func(void *arg)
> {
> tid = syscall(__NR_gettid);
> while(1)
> sleep(10000);
> return NULL;
> }
>
> int main(int argc, char **argv)
> {
> pthread_t child;
>
> setuid(1000); // 1000 is the uid of a non-root user
> pthread_create(&child, NULL, child_func, NULL);
> sleep(1);
> print_stat_eip(tid);
> }
> =====================
>
> The following two patches fix this.
>
> thanks,
> Sheng
>
> Mark Grondona (1):
> __ptrace_may_access() should not deny sub-threads
>
> Oleg Nesterov (1):
> include/linux/sched.h: don't use task->pid/tgid in
> same_thread_group/has_group_leader_pid
>
> include/linux/sched.h | 8 ++++----
> kernel/ptrace.c | 2 +-
> 2 files changed, 5 insertions(+), 5 deletions(-)
>
> --
> 1.8.3.4
Thanks, both now applied.
greg k-h
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html