ProcFS: Reduce the amount of info accessible to non-superusers
This patch hardens /proc a bit by making many things only accessible to UID 0, and also disallowing access to /proc/PID/ for anyone other than the UID of that process (and superuser, obviously.)
parent
54d182f553
commit
9af054af9e
2 changed files with 47 additions and 35 deletions
|
@ -34,9 +34,10 @@ private:
|
|||
|
||||
struct ProcFSDirectoryEntry {
|
||||
ProcFSDirectoryEntry() {}
|
||||
ProcFSDirectoryEntry(const char* a_name, unsigned a_proc_file_type, Function<Optional<KBuffer>(InodeIdentifier)>&& a_read_callback = nullptr, Function<ssize_t(InodeIdentifier, const ByteBuffer&)>&& a_write_callback = nullptr, RefPtr<ProcFSInode>&& a_inode = nullptr)
|
||||
ProcFSDirectoryEntry(const char* a_name, unsigned a_proc_file_type, bool a_supervisor_only, Function<Optional<KBuffer>(InodeIdentifier)>&& a_read_callback = nullptr, Function<ssize_t(InodeIdentifier, const ByteBuffer&)>&& a_write_callback = nullptr, RefPtr<ProcFSInode>&& a_inode = nullptr)
|
||||
: name(a_name)
|
||||
, proc_file_type(a_proc_file_type)
|
||||
, supervisor_only(a_supervisor_only)
|
||||
, read_callback(move(a_read_callback))
|
||||
, write_callback(move(a_write_callback))
|
||||
, inode(move(a_inode))
|
||||
|
@ -45,6 +46,7 @@ private:
|
|||
|
||||
const char* name { nullptr };
|
||||
unsigned proc_file_type { 0 };
|
||||
bool supervisor_only { false };
|
||||
Function<Optional<KBuffer>(InodeIdentifier)> read_callback;
|
||||
Function<ssize_t(InodeIdentifier, const ByteBuffer&)> write_callback;
|
||||
RefPtr<ProcFSInode> inode;
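Review bot: The new `bool a_supervisor_only` parameter sits between `unsigned a_proc_file_type` and the defaulted callbacks, so a call site that was not updated and still passes a function pointer or captureless lambda as its third argument could keep compiling, with the pointer converting to `true` and `read_callback` left null. Since this flag is the access decision for the entry, a scoped type such as `enum class Access { Everyone, SupervisorOnly };` in place of the bare `bool` would turn that mistake into a compile error and make each table row readable. The member default `bool supervisor_only { false };` also leaves any default-constructed entry open to every user; if that is only meant for placeholder slots, a comment like `// When true, this entry is only accessible to UID 0.` next to the field would record the intent. The code that enforces the flag is not in this section, so it is worth confirming that every path honours it, not just read.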
|
||||
|
|