packages (LINUX_3_0): kernel/kernel-grsec_full.patch 16:52 < pawels> after ...

pluto pluto at pld-linux.org
Wed Dec 7 22:10:51 CET 2011 

Author: pluto                        Date: Wed Dec  7 21:10:51 2011 GMT
Module: packages                      Tag: LINUX_3_0
---- Log message:
16:52 < pawels> after attaching with gdb, 'c(ontinue)', 'ctrl-c' the gdb reports a problem like 'Could not open /proc/$xxx/status' where $xxx is an id of one of application threads.
16:53 < pawels> without grsec patch there's no problem.
(...)
17:09 < spender> so the question is
17:10 < spender> why isn't gdb accessing the proper file? :P
17:10 < spender> it should be using /proc/pid/task/tid
17:10 < spender> hah
17:11 < spender> anyway, since gdb is doing this dumb thing, I guess i'll have to revert that fix
17:11 < spender> it's just pretty lame actually
17:11 < spender> because if you access that directory for the thread, you get a task dir for it too
17:12 < spender> and you can very easily suck up huge amounts of kernel memory just by creating a bunch of threads
(...)
17:14 < spender> remove those two lines

---- Files affected:
packages/kernel:
   kernel-grsec_full.patch (1.85.2.5 -> 1.85.2.6) 

---- Diffs:

================================================================
Index: packages/kernel/kernel-grsec_full.patch
diff -u packages/kernel/kernel-grsec_full.patch:1.85.2.5 packages/kernel/kernel-grsec_full.patch:1.85.2.6
--- packages/kernel/kernel-grsec_full.patch:1.85.2.5	Tue Nov 22 10:50:50 2011
+++ packages/kernel/kernel-grsec_full.patch	Wed Dec  7 22:10:43 2011
@@ -45929,13 +45929,10 @@
  	inode->i_op = &proc_tgid_base_inode_operations;
  	inode->i_fop = &proc_tgid_base_operations;
  	inode->i_flags|=S_IMMUTABLE;
-@@ -3032,7 +3158,14 @@ struct dentry *proc_pid_lookup(struct in
+@@ -3032,7 +3158,11 @@ struct dentry *proc_pid_lookup(struct in
  	if (!task)
  		goto out;
  
-+	if (!has_group_leader_pid(task))
-+		goto out_put_task;
-+
 +	if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
 +		goto out_put_task;
 +
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_full.patch?r1=1.85.2.5&r2=1.85.2.6&f=u

More information about the pld-cvs-commit mailing list