linux/fs/proc
Eric Paris 69f594a389 ptrace: do not audit capability check when outputing /proc/pid/stat
Reading /proc/pid/stat of another process checks if one has ptrace permissions
on that process.  If one does have permissions it outputs some data about the
process which might have security and attack implications.  If the current
task does not have ptrace permissions the read still works, but those fields
are filled with innocuous (0) values.  Since this check and a subsequent denial
is not a violation of the security policy we should not audit such denials.

This can be quite useful for removing ptrace broadly across a system without
flooding the logs when ps is run or something which harmlessly walks proc.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
2012-01-05 18:53:00 -05:00
array.c ptrace: do not audit capability check when outputing /proc/pid/stat 2012-01-05 18:53:00 -05:00
base.c vfs: show O_CLOEXE bit properly in /proc/<pid>/fdinfo/<fd> files 2011-08-06 11:51:33 -07:00
cmdline.c proc: switch /proc/cmdline to seq_file 2008-10-23 14:29:04 +04:00
consoles.c console: rename acquire/release_console_sem() to console_lock/unlock() 2011-01-26 10:50:06 +10:00
cpuinfo.c proc: move /proc/cpuinfo code to fs/proc/cpuinfo.c 2008-10-23 15:05:11 +04:00
devices.c proc: use seq_puts()/seq_putc() where possible 2011-01-13 08:03:16 -08:00
generic.c proc: make struct proc_dir_entry::name a terminal array rather than a pointer 2011-07-27 12:50:45 -07:00
inode.c procfs: return ENOENT on opening a being-removed proc entry 2011-07-26 16:49:43 -07:00
internal.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/linux-2.6-nsfd 2011-05-25 18:10:16 -07:00
interrupts.c proc: move /proc/interrupts boilerplate code to fs/proc/interrupts.c 2008-10-23 15:15:46 +04:00
Kconfig kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
kcore.c /proc/kcore: fix seeking 2011-01-13 08:03:17 -08:00
kmsg.c procfs: Use generic_file_llseek in /proc/kmsg 2010-04-09 16:35:41 +02:00
loadavg.c sched, timers: cleanup avenrun users 2009-05-15 15:32:45 +02:00
Makefile ns: proc files for namespace naming policy. 2011-05-10 14:31:44 -07:00
meminfo.c atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
mmu.c
namespaces.c proc: Fix Oops on stat of /proc/<zombie pid>/ns/net 2011-06-15 14:35:29 -07:00
nommu.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
page.c thp: remove PG_buddy 2011-01-13 17:32:43 -08:00
proc_devtree.c of/flattree: Drop an uninteresting message to pr_debug level 2011-03-02 13:45:18 -07:00
proc_net.c proc: make struct proc_dir_entry::name a terminal array rather than a pointer 2011-07-27 12:50:45 -07:00
proc_sysctl.c ->permission() sanitizing: don't pass flags to ->permission() 2011-07-20 01:43:24 -04:00
proc_tty.c proc: use seq_puts()/seq_putc() where possible 2011-01-13 08:03:16 -08:00
root.c proc: make struct proc_dir_entry::name a terminal array rather than a pointer 2011-07-27 12:50:45 -07:00
softirqs.c proc: use seq_puts()/seq_putc() where possible 2011-01-13 08:03:16 -08:00
stat.c proc/stat: use defined macro KMALLOC_MAX_SIZE 2011-05-26 17:12:37 -07:00
task_mmu.c teach /proc/$pid/numa_maps about transparent hugepages 2011-09-21 13:15:44 -07:00
task_nommu.c report errors in /proc/*/*map* sanely 2011-03-23 16:36:50 -04:00
uptime.c [PATCH] Fix idle time field in /proc/uptime 2009-09-24 10:16:24 +02:00
version.c proc: switch /proc/version to seq_file 2008-10-23 14:19:58 +04:00
vmcore.c fs/proc/vmcore.c: add hook to read_from_oldmem() to check for non-ram pages 2011-05-26 17:12:37 -07:00