> [PATCH] Security: Handle hidepid option correctly
Why is this considered to be security sensitive? I can guess, but I'd like to know your reasoning. On Thu, 29 Nov 2018 19:08:21 +0800 [email protected] wrote: > From: Cheng Yang <[email protected]> > > The proc_parse_options() call from proc_mount() runs only once at boot > time. So on any later mount attempt, any mount options are ignored > because ->s_root is already initialized. > As a consequence, "mount -o <options>" will ignore the options. The > only way to change mount options is "mount -o remount,<options>". > To fix this, parse the mount options unconditionally. > > --- a/fs/proc/inode.c > +++ b/fs/proc/inode.c > @@ -493,13 +493,9 @@ struct inode *proc_get_inode(struct super_block *sb, > struct proc_dir_entry *de) > > int proc_fill_super(struct super_block *s, void *data, int silent) > { > - struct pid_namespace *ns = get_pid_ns(s->s_fs_info); > struct inode *root_inode; > int ret; > > - if (!proc_parse_options(data, ns)) > - return -EINVAL; > - > /* User space would break if executables or devices appear on proc */ > s->s_iflags |= SB_I_USERNS_VISIBLE | SB_I_NOEXEC | SB_I_NODEV; > s->s_flags |= SB_NODIRATIME | SB_NOSUID | SB_NOEXEC; > diff --git a/fs/proc/root.c b/fs/proc/root.c > index f4b1a9d..f5f3bf3 100644 > --- a/fs/proc/root.c > +++ b/fs/proc/root.c > @@ -98,6 +98,9 @@ static struct dentry *proc_mount(struct file_system_type > *fs_type, > ns = task_active_pid_ns(current); > } > > + if (!proc_parse_options(data, ns)) > + return ERR_PTR(-EINVAL); > + > return mount_ns(fs_type, flags, data, ns, ns->user_ns, proc_fill_super); > } Other filesystems parse the options from fill_super(). Is proc special in some fashion?
