]> err.no Git - linux-2.6/commit
do_wait: fix security checks
authorOleg Nesterov <oleg@tv-sign.ru>
Fri, 8 Feb 2008 12:19:06 +0000 (04:19 -0800)
committerLinus Torvalds <torvalds@woody.linux-foundation.org>
Fri, 8 Feb 2008 17:22:26 +0000 (09:22 -0800)
commitf2cc3eb133baa2e9dc8efd40f417106b2ee520f3
tree37b08158ee5296e79a61aad086be36c742825e3b
parent96fabbf55ae79826f2e8a86f4066d7e8834315ae
do_wait: fix security checks

Imho, the current usage of security_task_wait() is not logical.

Suppose we have the single child p, and security_task_wait(p) return
-EANY.  In that case waitpid(-1) returns this error.  Why? Isn't it
better to return ECHLD? We don't really have reapable children.

Now suppose that child was stolen by gdb.  In that case we find this
child on ->ptrace_children and set flag = 1, but we don't check that the
child was denied.  So, do_wait(..., WNOHANG) returns 0, this doesn't
match the behaviour above.  Without WNOHANG do_wait() blocks only to
return the error later, when the child will be untraced.  Inho, really
strange.

I think eligible_child() should return the error only if the child's pid
was requested explicitly, otherwise we should silently ignore the tasks
which were nacked by security_task_wait().

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Roland McGrath <roland@redhat.com>
Cc: Chris Wright <chrisw@sous-sol.org>
Cc: Eric Paris <eparis@redhat.com>
Cc: James Morris <jmorris@namei.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
kernel/exit.c