From b789ebfca657a1fc77f6bd4dd648c0d5e96057c8 Mon Sep 17 00:00:00 2001 From: Andrew Morton Date: Mon, 10 Feb 2003 07:37:12 -0800 Subject: [PATCH] fix current->user->processes leak Patch from: Eric Lammerts Every time you do a loop mount, a kernel thread is started (those processes are called "loop0", "loop1", etc.). The problem is that when it starts, it's counted as one of your processes. Then, it's changed to be a root-owned process without correcting that count. Patch below fixes the problem. It moves the bookkeeping of changing current->user to a new function switch_uid() (which is now also used by exec_usermodehelper() in kmod.c). The patch is tested. --- kernel/sys.c | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) (limited to 'kernel/sys.c')
diff --git a/kernel/sys.c b/kernel/sys.c
index 9404304eba74..dffb67035c78 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -561,19 +561,12 @@ asmlinkage long sys_setgid(gid_t gid)
 static int set_user(uid_t new_ruid, int dumpclear) {
- struct user_struct *new_user, *old_user;
+ struct user_struct *new_user;
- /* What if a process setreuid()'s and this brings the * new uid over his NPROC rlimit? We can check this now * cheaply with the new uid cache, so if it matters * we should be checking for it. -DaveM */
 new_user = alloc_uid(new_ruid);
 if (!new_user) return -EAGAIN;
- old_user = current->user;
- atomic_dec(&old_user->processes);
- atomic_inc(&new_user->processes);
+ switch_uid(new_user);
 if(dumpclear) {
@@ -581,8 +574,6 @@ static int set_user(uid_t new_ruid, int dumpclear)
 wmb();
 }
 current->uid = new_ruid;
- current->user = new_user;
- free_uid(old_user);
 return 0;
 }
-- cgit v1.2.3
From 02bdc207da7a083f7fdc5c8be23804021906798e Mon Sep 17 00:00:00 2001 From: "Andries E. Brouwer" Date: Mon, 10 Feb 2003 17:23:38 -0800 Subject: [PATCH] signal error return fix --- kernel/sys.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'kernel/sys.c')
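Review bot: The new code still performs no RLIMIT_NPROC check for the uid being switched to — `alloc_uid(new_ruid)` is followed directly by `switch_uid(new_user)` — yet the hunk deletes the comment that recorded exactly this gap, so the known limitation disappears from the source. Either keep the note, e.g. `/* TODO: a setreuid() can push new_ruid past its RLIMIT_NPROC; nothing compares new_user->processes against it here */`, or add the check: after alloc_uid compare `atomic_read(&new_user->processes)` with the caller's NPROC limit and on overflow `free_uid(new_user); return -EAGAIN;` (the rlimit accessor this tree uses is not visible in the diff, so the exact expression needs confirming). switch_uid() itself is outside the hunk, so whether it returns a status that should be checked rather than discarded cannot be judged from here. set_user's body continues past this hunk.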
diff --git a/kernel/sys.c b/kernel/sys.c
index dffb67035c78..afa6d2fc1372 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -907,6 +907,7 @@ asmlinkage long sys_setpgid(pid_t pid, pid_t pgid)
 p = find_task_by_pid(pid);
 if (!p) goto out;
+ err = -EINVAL;
 if (!thread_group_leader(p)) goto out;
@@ -918,11 +919,16 @@ asmlinkage long sys_setpgid(pid_t pid, pid_t pgid)
 err = -EACCES;
 if (p->did_exec) goto out;
- } else if (p != current)
- goto out;
+ } else {
+ err = -ESRCH;
+ if (p != current)
+ goto out;
+ }
+ err = -EPERM;
 if (p->leader) goto out;
+
 if (pgid != pid) {
 struct task_struct *p;
 struct pid *pid;
-- cgit v1.2.3
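Review bot: The `err = -EPERM;` added ahead of `if (p->leader)` is also the value every later `goto out` inherits, including whatever bail-out the `if (pgid != pid) {` block performs — that block runs past the end of the hunk, so whether it sets its own err cannot be confirmed here. Before this change that path returned whichever value err last held (-EACCES on the child branch, and on the self branch whatever was assigned before `find_task_by_pid`), so the observable error code for a pgid that is not a process group in the caller's session presumably changes to EPERM. That is what POSIX specifies for setpgid, but the dependency is silent; a comment on the new line such as `/* -EPERM also covers a pgid outside the caller's session, checked below */` would stop a later edit from moving the assignment and silently changing the result. Presetting err before each guard is otherwise consistent and easier to audit than the old `else if` chain. sys_setpgid starts before the first hunk and continues after this one.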