Author: pluto Date: Wed Dec 7 21:10:51 2011 GMT Module: packages Tag: LINUX_3_0 ---- Log message: 16:52 < pawels> after attaching with gdb, 'c(ontinue)', 'ctrl-c' the gdb reports a problem like 'Could not open /proc/$xxx/status' where $xxx is an id of one of application threads. 16:53 < pawels> without grsec patch there's no problem. (...) 17:09 < spender> so the question is 17:10 < spender> why isn't gdb accessing the proper file? :P 17:10 < spender> it should be using /proc/pid/task/tid 17:10 < spender> hah 17:11 < spender> anyway, since gdb is doing this dumb thing, I guess i'll have to revert that fix 17:11 < spender> it's just pretty lame actually 17:11 < spender> because if you access that directory for the thread, you get a task dir for it too 17:12 < spender> and you can very easily suck up huge amounts of kernel memory just by creating a bunch of threads (...) 17:14 < spender> remove those two lines
---- Files affected: packages/kernel: kernel-grsec_full.patch (1.85.2.5 -> 1.85.2.6) ---- Diffs: ================================================================ Index: packages/kernel/kernel-grsec_full.patch diff -u packages/kernel/kernel-grsec_full.patch:1.85.2.5 packages/kernel/kernel-grsec_full.patch:1.85.2.6 --- packages/kernel/kernel-grsec_full.patch:1.85.2.5 Tue Nov 22 10:50:50 2011 +++ packages/kernel/kernel-grsec_full.patch Wed Dec 7 22:10:43 2011 @@ -45929,13 +45929,10 @@ inode->i_op = &proc_tgid_base_inode_operations; inode->i_fop = &proc_tgid_base_operations; inode->i_flags|=S_IMMUTABLE; -@@ -3032,7 +3158,14 @@ struct dentry *proc_pid_lookup(struct in +@@ -3032,7 +3158,11 @@ struct dentry *proc_pid_lookup(struct in if (!task) goto out; -+ if (!has_group_leader_pid(task)) -+ goto out_put_task; -+ + if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task)) + goto out_put_task; + ================================================================ ---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_full.patch?r1=1.85.2.5&r2=1.85.2.6&f=u _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit