linux/kernel
Oleg Nesterov f2cc3eb133 do_wait: fix security checks
Imho, the current usage of security_task_wait() is not logical.

Suppose we have the single child p, and security_task_wait(p) return
-EANY.  In that case waitpid(-1) returns this error.  Why? Isn't it
better to return ECHLD? We don't really have reapable children.

Now suppose that child was stolen by gdb.  In that case we find this
child on ->ptrace_children and set flag = 1, but we don't check that the
child was denied.  So, do_wait(..., WNOHANG) returns 0, this doesn't
match the behaviour above.  Without WNOHANG do_wait() blocks only to
return the error later, when the child will be untraced.  Inho, really
strange.

I think eligible_child() should return the error only if the child's pid
was requested explicitly, otherwise we should silently ignore the tasks
which were nacked by security_task_wait().

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Roland McGrath <roland@redhat.com>
Cc: Chris Wright <chrisw@sous-sol.org>
Cc: Eric Paris <eparis@redhat.com>
Cc: James Morris <jmorris@namei.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-08 09:22:26 -08:00
..
irq genirq: stackdump after the "Trying to free already-free IRQ" message 2008-01-30 13:33:24 +01:00
power PM: documentation cleanups 2008-02-07 01:27:17 -05:00
time time: fix sysfs_show_{available,current}_clocksources() buffer overflow problem 2008-02-06 10:41:03 -08:00
.gitignore
acct.c acct: real_parent ppid 2008-01-07 14:55:37 -08:00
audit_tree.c [PATCH] audit: watching subtrees 2007-10-21 02:37:45 -04:00
audit.c [AUDIT] ratelimit printk messages audit 2008-02-01 14:25:04 -05:00
audit.h [PATCH] audit: watching subtrees 2007-10-21 02:37:45 -04:00
auditfilter.c [AUDIT] make audit=0 really stop audit messages 2008-02-01 14:24:33 -05:00
auditsc.c [AUDIT] create context if auditing was ever enabled 2008-02-01 14:24:45 -05:00
backtracetest.c x86: add a simple backtrace test module 2008-01-30 13:33:08 +01:00
capability.c Add 64-bit capability support to the kernel 2008-02-05 09:44:20 -08:00
cgroup_debug.c Task Control Groups: simple task cgroup debug info subsystem 2007-10-19 11:53:36 -07:00
cgroup.c Handle pid namespaces in cgroups code 2008-02-07 08:42:22 -08:00
compat.c Merge ssh://master.kernel.org/pub/scm/linux/kernel/git/tglx/linux-2.6-hrt 2007-10-18 15:12:41 -07:00
configs.c use simple_read_from_buffer in kernel/ 2007-05-09 12:30:49 -07:00
cpu.c cpu-hotplug: replace per-subsystem mutexes with get_online_cpus() 2008-01-25 21:08:02 +01:00
cpuset.c proc: seqfile convert proc_pid_status to properly handle pid namespaces 2008-02-08 09:22:24 -08:00
delayacct.c Add scaled time to taskstats based process accounting 2007-10-18 14:37:28 -07:00
dma.c whitespace fixes: DMA channel allocator 2007-10-18 14:37:24 -07:00
exec_domain.c whitespace fixes: execution domains 2007-10-18 14:37:26 -07:00
exit.c do_wait: fix security checks 2008-02-08 09:22:26 -08:00
extable.c module: Don't report discarded init pages as kernel text. 2008-01-29 17:13:18 +11:00
fork.c Memory controller: accounting setup 2008-02-07 08:42:18 -08:00
futex_compat.c futex: Add bitset conditional wait/wakeup functionality 2008-02-01 17:45:14 +01:00
futex.c futex: Add bitset conditional wait/wakeup functionality 2008-02-01 17:45:14 +01:00
hrtimer.c timerfd: new timerfd API 2008-02-05 09:44:07 -08:00
itimer.c whitespace fixes: interval timers 2007-10-18 14:37:26 -07:00
kallsyms.c remove support for un-needed _extratext section 2008-02-06 10:41:01 -08:00
Kconfig.hz sched: high-res preemption tick 2008-01-25 21:08:29 +01:00
Kconfig.preempt sched: remove the !PREEMPT_BKL code 2008-01-25 21:08:33 +01:00
kexec.c vmcoreinfo: add "VMCOREINFO_" to all the call for vmcoreinfo_append_str() 2008-02-07 08:42:25 -08:00
kfifo.c is_power_of_2: kernel/kfifo.c 2007-07-16 09:05:50 -07:00
kmod.c Fix unbalanced helper_lock in kernel/kmod.c 2008-01-17 15:38:59 -08:00
kprobes.c kprobes: kretprobe user entry-handler 2008-02-06 10:41:11 -08:00
ksysfs.c Kobject: convert remaining kobject_unregister() to kobject_put() 2008-01-24 20:40:40 -08:00
kthread.c sched: fix, always create kernel threads with normal priority 2008-01-25 21:08:33 +01:00
latencytop.c sched: latencytop support 2008-01-25 21:08:34 +01:00
lockdep_internals.h
lockdep_proc.c lockdep: Avoid /proc/lockdep & lock_stat infinite output 2007-10-11 22:11:11 +02:00
lockdep.c softlockup: automatically detect hung TASK_UNINTERRUPTIBLE tasks 2008-01-25 21:08:02 +01:00
Makefile namespaces: cleanup the code managed with PID_NS option 2008-02-08 09:22:23 -08:00
marker.c Linux Kernel Markers: fix marker mutex not taken upon module load 2007-11-14 18:45:40 -08:00
module.c fix "modules: make module_address_lookup() safe" 2008-02-08 09:22:24 -08:00
mutex-debug.c
mutex-debug.h
mutex.c Add mutex_lock_killable 2007-12-06 17:37:59 -05:00
mutex.h
notifier.c kernel/notifier.c should #include <linux/reboot.h> 2008-02-06 10:41:02 -08:00
ns_cgroup.c cgroups: implement namespace tracking subsystem 2007-10-19 11:53:37 -07:00
nsproxy.c namespaces: move the IPC namespace under IPC_NS option 2008-02-08 09:22:23 -08:00
panic.c ACPI: Taint kernel on ACPI table override (format corrected) 2008-02-06 22:07:51 -05:00
params.c kernel/params.c: remove sparse-warning (different signedness) 2008-02-06 10:41:08 -08:00
pid_namespace.c namespaces: cleanup the code managed with PID_NS option 2008-02-08 09:22:23 -08:00
pid.c namespaces: cleanup the code managed with PID_NS option 2008-02-08 09:22:23 -08:00
pm_qos_params.c pm qos infrastructure and interface 2008-02-05 09:44:22 -08:00
posix-cpu-timers.c sched: rt-watchdog: fix .rlim_max = RLIM_INFINITY 2008-01-25 21:08:32 +01:00
posix-timers.c timerfd: new timerfd API 2008-02-05 09:44:07 -08:00
printk.c printk.c: use unsigned ints instead of longs for logbuf index 2008-02-06 10:41:04 -08:00
profile.c debug: clean up kernel/profile.c 2008-01-25 21:08:33 +01:00
ptrace.c ptrace_check_attach: remove unneeded ->signal != NULL check 2008-02-08 09:22:26 -08:00
rcuclassic.c Preempt-RCU: implementation 2008-01-25 21:08:24 +01:00
rcupdate.c Preempt-RCU: fix rcu_barrier for preemptive environment. 2008-01-25 21:08:24 +01:00
rcupreempt_trace.c Preempt-RCU: implementation 2008-01-25 21:08:24 +01:00
rcupreempt.c Preempt-RCU: CPU Hotplug handling 2008-01-25 21:08:25 +01:00
rcutorture.c cpu-hotplug: replace lock_cpu_hotplug() with get_online_cpus() 2008-01-25 21:08:02 +01:00
relay.c relay: nopage 2008-02-06 10:41:07 -08:00
res_counter.c Memory controller improve user interface 2008-02-07 08:42:18 -08:00
resource.c Add IORESOUCE_BUSY flag for System RAM 2007-11-14 18:45:39 -08:00
rtmutex_common.h FUTEX: Tidy up the code 2007-07-16 09:05:49 -07:00
rtmutex-debug.c Use helpers to obtain task pid in printks 2007-10-19 11:53:43 -07:00
rtmutex-debug.h
rtmutex-tester.c Driver core: change sysdev classes to use dynamic kobject names 2008-01-24 20:40:40 -08:00
rtmutex.c Use helpers to obtain task pid in printks 2007-10-19 11:53:43 -07:00
rtmutex.h
rwsem.c sched: mark rwsem functions as __sched for wchan/profiling 2007-12-18 15:21:13 +01:00
sched_debug.c sched: keep total / count stats in addition to the max for 2008-01-25 21:08:35 +01:00
sched_fair.c sched: let +nice tasks have smaller impact 2008-01-31 22:45:22 +01:00
sched_idletask.c sched: high-res preemption tick 2008-01-25 21:08:29 +01:00
sched_rt.c sched: fix goto retry in pick_next_task_rt() 2008-01-25 21:08:34 +01:00
sched_stats.h sched: clean up kernel/sched_stat.h 2007-11-28 15:52:56 +01:00
sched.c Merge branch 'task_killable' of git://git.kernel.org/pub/scm/linux/kernel/git/willy/misc 2008-02-01 11:45:47 +11:00
seccomp.c make seccomp zerocost in schedule 2007-07-16 09:05:50 -07:00
signal.c ptrace_stop: fix racy nonstop_code setting 2008-02-08 09:22:26 -08:00
softirq.c time: track accurate idle time with tick_sched.idle_sleeptime 2008-01-30 13:30:04 +01:00
softlockup.c debug: softlockup looping fix 2008-02-02 14:27:45 +11:00
spinlock.c spinlock: lockbreak cleanup 2008-01-30 13:31:20 +01:00
srcu.c make srcu_readers_active() static 2008-02-06 10:41:02 -08:00
stacktrace.c
stop_machine.c stopmachine: semaphore to mutex 2008-02-06 10:41:08 -08:00
sys_ni.c timerfd: new timerfd API 2008-02-05 09:44:07 -08:00
sys.c kernel/sys.c: get rid of expensive divides in groups_sort() 2008-02-06 10:41:09 -08:00
sysctl_check.c capabilities: introduce per-process capability bounding set 2008-02-05 09:44:20 -08:00
sysctl.c hugetlb: add locking for overcommit sysctl 2008-02-08 09:22:23 -08:00
taskstats.c kernel/taskstats.c: fix bogus nlmsg_free() 2007-11-14 18:45:44 -08:00
test_kprobes.c kprobes: kretprobe user entry-handler 2008-02-06 10:41:11 -08:00
time.c speed up jiffies conversion functions if HZ==USER_HZ 2008-02-06 10:41:10 -08:00
timer.c taskstats scaled time cleanup 2008-02-06 10:41:00 -08:00
tsacct.c Add scaled time to taskstats based process accounting 2007-10-18 14:37:28 -07:00
uid16.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
user_namespace.c namespaces: cleanup the code managed with the USER_NS option 2008-02-08 09:22:23 -08:00
user.c namespaces: cleanup the code managed with the USER_NS option 2008-02-08 09:22:23 -08:00
utsname_sysctl.c Isolate the UTS namespace's domainname and hostname back 2007-11-29 09:24:53 -08:00
utsname.c Fix UTS corruption during clone(CLONE_NEWUTS) 2007-09-19 11:24:17 -07:00
wait.c wait: Use TASK_NORMAL 2007-12-06 17:34:36 -05:00
workqueue.c cpu-hotplug: replace per-subsystem mutexes with get_online_cpus() 2008-01-25 21:08:02 +01:00