git.openpandora.org
/
pandora-kernel.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
proc: restrict access to /proc/PID/io
[pandora-kernel.git]
/
fs
/
proc
/
base.c
diff --git
a/fs/proc/base.c
b/fs/proc/base.c
index
14def99
..
fc5bc27
100644
(file)
--- a/
fs/proc/base.c
+++ b/
fs/proc/base.c
@@
-2169,11
+2169,7
@@
static const struct file_operations proc_fd_operations = {
*/
static int proc_fd_permission(struct inode *inode, int mask, unsigned int flags)
{
*/
static int proc_fd_permission(struct inode *inode, int mask, unsigned int flags)
{
- int rv;
-
- if (flags & IPERM_FLAG_RCU)
- return -ECHILD;
- rv = generic_permission(inode, mask, flags, NULL);
+ int rv = generic_permission(inode, mask, flags, NULL);
if (rv == 0)
return 0;
if (task_pid(current) == proc_pid(inode))
if (rv == 0)
return 0;
if (task_pid(current) == proc_pid(inode))
@@
-2712,6
+2708,9
@@
static int do_io_accounting(struct task_struct *task, char *buffer, int whole)
struct task_io_accounting acct = task->ioac;
unsigned long flags;
struct task_io_accounting acct = task->ioac;
unsigned long flags;
+ if (!ptrace_may_access(task, PTRACE_MODE_READ))
+ return -EACCES;
+
if (whole && lock_task_sighand(task, &flags)) {
struct task_struct *t = task;
if (whole && lock_task_sighand(task, &flags)) {
struct task_struct *t = task;
@@
-2843,7
+2842,7
@@
static const struct pid_entry tgid_base_stuff[] = {
REG("coredump_filter", S_IRUGO|S_IWUSR, proc_coredump_filter_operations),
#endif
#ifdef CONFIG_TASK_IO_ACCOUNTING
REG("coredump_filter", S_IRUGO|S_IWUSR, proc_coredump_filter_operations),
#endif
#ifdef CONFIG_TASK_IO_ACCOUNTING
- INF("io", S_IRU
GO
, proc_tgid_io_accounting),
+ INF("io", S_IRU
SR
, proc_tgid_io_accounting),
#endif
#ifdef CONFIG_HARDWALL
INF("hardwall", S_IRUGO, proc_pid_hardwall),
#endif
#ifdef CONFIG_HARDWALL
INF("hardwall", S_IRUGO, proc_pid_hardwall),
@@
-3185,7
+3184,7
@@
static const struct pid_entry tid_base_stuff[] = {
REG("make-it-fail", S_IRUGO|S_IWUSR, proc_fault_inject_operations),
#endif
#ifdef CONFIG_TASK_IO_ACCOUNTING
REG("make-it-fail", S_IRUGO|S_IWUSR, proc_fault_inject_operations),
#endif
#ifdef CONFIG_TASK_IO_ACCOUNTING
- INF("io", S_IRU
GO
, proc_tid_io_accounting),
+ INF("io", S_IRU
SR
, proc_tid_io_accounting),
#endif
#ifdef CONFIG_HARDWALL
INF("hardwall", S_IRUGO, proc_pid_hardwall),
#endif
#ifdef CONFIG_HARDWALL
INF("hardwall", S_IRUGO, proc_pid_hardwall),