diff options
author | Alexey Dobriyan <adobriyan@sw.ru> | 2007-07-15 23:40:21 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-07-16 09:05:44 -0700 |
commit | da58a1617343e345d435953a0f32024997a95164 (patch) | |
tree | 12a0ad4a92221d38dd8846f63063a8414c44655d | |
parent | 7126dd0562c78fa393a53120155e9b265cc68f9d (diff) | |
download | op-kernel-dev-da58a1617343e345d435953a0f32024997a95164.zip op-kernel-dev-da58a1617343e345d435953a0f32024997a95164.tar.gz |
/proc/*/environ: wrong placing of ptrace_may_attach() check
It's a bit dopey-looking and can permit a task to cause a pagefault in an mm
which it doesn't have permission to read from.
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | fs/proc/base.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c index 46ea5d5..d092194 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -204,12 +204,17 @@ static int proc_pid_environ(struct task_struct *task, char * buffer) int res = 0; struct mm_struct *mm = get_task_mm(task); if (mm) { - unsigned int len = mm->env_end - mm->env_start; + unsigned int len; + + res = -ESRCH; + if (!ptrace_may_attach(task)) + goto out; + + len = mm->env_end - mm->env_start; if (len > PAGE_SIZE) len = PAGE_SIZE; res = access_process_vm(task, mm->env_start, buffer, len, 0); - if (!ptrace_may_attach(task)) - res = -ESRCH; +out: mmput(mm); } return res; |