Bug#412143: linux-2.6 - vserver patch allows renice of processes in different context

Bastian Blank Fri, 23 Feb 2007 15:48:40 -0800

Package: linux-2.6
Version: 2.6.18.dfsg.1-11
Severity: serious
Tags: security patch
User: debian-kernel@lists.debian.org
Usertags: dkt-waiting-etch-security-update


The included version of the vserver patch allows contexts to renice
processes in other contexts. See patch.

diff -NurpP linux-2.6.19.3-vs2.2.0-rc13.3/kernel/pid.c 
linux-2.6.19.3-vs2.2.0-rc13.4/kernel/pid.c
--- linux-2.6.19.3-vs2.2.0-rc13.3/kernel/pid.c  2006-12-04 01:47:02 +0100
+++ linux-2.6.19.3-vs2.2.0-rc13.4/kernel/pid.c  2007-02-23 00:30:28 +0100
@@ -286,6 +286,9 @@ void fastcall transfer_pid(struct task_s
 struct task_struct * fastcall pid_task(struct pid *pid, enum pid_type type)
 {
        struct task_struct *result = NULL;
+
+       if (type == PIDTYPE_REALPID)
+               type = PIDTYPE_PID;
        if (pid) {
                struct hlist_node *first;
                first = rcu_dereference(pid->tasks[type].first);
@@ -300,11 +303,17 @@ struct task_struct * fastcall pid_task(s
  */
 struct task_struct *find_task_by_pid_type(int type, int nr)
 {
+       struct task_struct *task;
+
        if (type == PIDTYPE_PID)
                nr = vx_rmap_pid(nr);
-       else if (type == PIDTYPE_REALPID)
-               type = PIDTYPE_PID;
-       return pid_task(find_pid(nr), type);
+
+       task = pid_task(find_pid(nr), type);
+       if (task && (type != PIDTYPE_REALPID) &&
+               /* maybe VS_WATCH_P in the future? */
+               !vx_check(task->xid, VS_WATCH|VS_IDENT))
+               return NULL;
+       return task;
 }
 
 EXPORT_SYMBOL(find_task_by_pid_type);
diff -NurpP linux-2.6.19.3-vs2.2.0-rc13.3.1/include/linux/pid.h 
linux-2.6.19.3-vs2.2.0-rc13.4/include/linux/pid.h
--- linux-2.6.19.3-vs2.2.0-rc13.3.1/include/linux/pid.h 2006-11-08 04:57:52 
+0100
+++ linux-2.6.19.3-vs2.2.0-rc13.4/include/linux/pid.h   2007-02-22 18:09:39 
+0100
@@ -105,7 +105,8 @@ static inline pid_t pid_nr(struct pid *p
                struct pid *pid___ = find_pid(who);                     \
                if (pid___ != NULL)                                     \
                        hlist_for_each_entry_rcu((task), pos___,        \
-                               &pid___->tasks[type], pids[type].node) {
+                               &pid___->tasks[type], pids[type].node)  \
+                       if (vx_check((task)->xid, VS_WATCH_P|VS_IDENT)) {
 
 #define while_each_task_pid(who, type, task)                           \
                        }                                               \
@@ -124,7 +124,8 @@ static inline pid_t pid_nr(struct pid *p
                struct hlist_node *pos___;                              \
                if (pid != NULL)                                        \
                        hlist_for_each_entry_rcu((task), pos___,        \
-                               &pid->tasks[type], pids[type].node) {
+                               &pid->tasks[type], pids[type].node)     \
+                       if (vx_check((task)->xid, VS_WATCH_P|VS_IDENT)) {
 
 #define while_each_pid_task(pid, type, task)                           \
                        }                                               \

Bastian

-- 
Power is danger.
                -- The Centurion, "Balance of Terror", stardate 1709.2


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#412143: linux-2.6 - vserver patch allows renice of processes in different context

Reply via email to