FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Kernel

 
 
LinkBack Thread Tools
 
Old 12-14-2011, 01:12 AM
Ben Hutchings
 
Default taskstats capability check in stable

This change is likely to be included in 2.6.32.y and, by default, in our
next stable point release. As Linus says, this means that unprivileged
accounts won't be able to run iotop, but this is probably correct
behaviour.

It appears that older versions of iotop do not report this error in a
helpful way (#644616). So I think that if we apply this change to the
kernel then iotop should also be updated in stable.

Ben.

-------- Forwarded Message --------
From: gregkh@suse.de
To: torvalds@linux-foundation.org, bsingharora@gmail.com, gregkh@suse.de, jmm@inutil.org, johannes.berg@intel.com, segoon@openwall.com
Cc: stable@vger.kernel.org, stable-commits@vger.kernel.org
Subject: Patch "Make TASKSTATS require root access" has been added to the 2.6.32-longterm tree
Date: Tue, 13 Dec 2011 14:10:52 -0800

This is a note to let you know that I've just added the patch titled

Make TASKSTATS require root access

to the 2.6.32-longterm tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/longterm/longterm-queue-2.6.32.git;a=summary

The filename of the patch is:
make-taskstats-require-root-access.patch
and it can be found in the queue-2.6.32 subdirectory.

If you, or anyone else, feels it should not be added to the 2.6.32 longterm tree,
please let <stable@vger.kernel.org> know about it.


From 1a51410abe7d0ee4b1d112780f46df87d3621043 Mon Sep 17 00:00:00 2001
From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Mon, 19 Sep 2011 17:04:37 -0700
Subject: Make TASKSTATS require root access

From: Linus Torvalds <torvalds@linux-foundation.org>

commit 1a51410abe7d0ee4b1d112780f46df87d3621043 upstream.

Ok, this isn't optimal, since it means that 'iotop' needs admin
capabilities, and we may have to work on this some more. But at the
same time it is very much not acceptable to let anybody just read
anybody elses IO statistics quite at this level.

Use of the GENL_ADMIN_PERM suggested by Johannes Berg as an alternative
to checking the capabilities by hand.

Reported-by: Vasiliy Kulikov <segoon@openwall.com>
Cc: Johannes Berg <johannes.berg@intel.com>
Acked-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Moritz Mhlenhoff <jmm@inutil.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
kernel/taskstats.c | 1 +
1 file changed, 1 insertion(+)

--- a/kernel/taskstats.c
+++ b/kernel/taskstats.c
@@ -592,6 +592,7 @@ static struct genl_ops taskstats_ops = {
.cmd = TASKSTATS_CMD_GET,
.doit = taskstats_user_cmd,
.policy = taskstats_cmd_get_policy,
+ .flags = GENL_ADMIN_PERM,
};

static struct genl_ops cgroupstats_ops = {


Patches currently in longterm-queue-2.6.32 which might be from torvalds@linux-foundation.org are

/home/gregkh/linux/longterm/longterm-queue-2.6.32/queue-2.6.32/linux-log2.h-fix-rounddown_pow_of_two-1.patch
/home/gregkh/linux/longterm/longterm-queue-2.6.32/queue-2.6.32/hfs-fix-hfs_find_init-sb-ext_tree-null-ptr-oops.patch
/home/gregkh/linux/longterm/longterm-queue-2.6.32/queue-2.6.32/make-taskstats-require-root-access.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html


--
Ben Hutchings
Computers are not intelligent. They only think they are.
 

Thread Tools




All times are GMT. The time now is 01:38 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org