diff options
author | Oleg Nesterov <oleg@redhat.com> | 2009-09-23 15:57:01 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-09-24 07:21:01 -0700 |
commit | 06f1631a1671bce2d59d58cb1debdf23e1803ebf (patch) | |
tree | d1c5cc02d8ceff4c50c098dce957ad63a09e84a5 /fs | |
parent | 4a30debfb778240a4b1767d4b0c5a5b25ab97160 (diff) | |
download | op-kernel-dev-06f1631a1671bce2d59d58cb1debdf23e1803ebf.zip op-kernel-dev-06f1631a1671bce2d59d58cb1debdf23e1803ebf.tar.gz |
signals: send_sigio: use do_send_sig_info() to avoid check_kill_permission()
group_send_sig_info()->check_kill_permission() assumes that current is the
sender and uses current_cred().
This is not true in send_sigio_to_task() case. From the security pov the
sender is not current, but the task which did fcntl(F_SETOWN), that is why
we have sigio_perm() which uses the right creds to check.
Fortunately, send_sigio() always sends either SEND_SIG_PRIV or
SI_FROMKERNEL() signal, so check_kill_permission() does nothing. But
still it would be tidier to avoid this bogus security check and save a
couple of cycles.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: stephane eranian <eranian@googlemail.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/fcntl.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -461,11 +461,11 @@ static void send_sigio_to_task(struct task_struct *p, else si.si_band = band_table[reason - POLL_IN]; si.si_fd = fd; - if (!group_send_sig_info(signum, &si, p)) + if (!do_send_sig_info(signum, &si, p, true)) break; /* fall-through: fall back on the old plain SIGIO signal */ case 0: - group_send_sig_info(SIGIO, SEND_SIG_PRIV, p); + do_send_sig_info(SIGIO, SEND_SIG_PRIV, p, true); } } |