close race in /proc/*/environ
authorAl Viro <viro@zeniv.linux.org.uk>
Wed, 16 Feb 2011 03:26:01 +0000 (22:26 -0500)
committerAl Viro <viro@zeniv.linux.org.uk>
Wed, 23 Mar 2011 20:36:51 +0000 (16:36 -0400)
Switch to mm_for_maps().  Maybe we ought to make it r--r--r--,
since we do checks on IO anyway...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
fs/proc/base.c

index c282811020826d7c7553e197fdce11c8b45b6da6..fc471b8766d197d79dacd9c1f4c9571147595441 100644 (file)
@@ -919,20 +919,18 @@ static ssize_t environ_read(struct file *file, char __user *buf,
        if (!task)
                goto out_no_task;
 
-       if (!ptrace_may_access(task, PTRACE_MODE_READ))
-               goto out;
-
        ret = -ENOMEM;
        page = (char *)__get_free_page(GFP_TEMPORARY);
        if (!page)
                goto out;
 
-       ret = 0;
 
-       mm = get_task_mm(task);
-       if (!mm)
+       mm = mm_for_maps(task);
+       ret = PTR_ERR(mm);
+       if (!mm || IS_ERR(mm))
                goto out_free;
 
+       ret = 0;
        while (count > 0) {
                int this_len, retval, max_len;