From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch against 2.6.0-test3-mm3 adds calls to the security_task_to_inode
hook to the pid*_revalidate functions to ensure that the inode security field
is also updated appropriately for /proc/pid inodes.  This corresponds with
the uid/gid update performed by the proc-pid-setuid-ownership-fix.patch that
is already in -mm3.



 25-akpm/fs/proc/base.c |   31 ++++++++++++++++++++++---------
 1 files changed, 22 insertions(+), 9 deletions(-)

diff -puN fs/proc/base.c~pid-revalidate-security-hook fs/proc/base.c
--- 25/fs/proc/base.c~pid-revalidate-security-hook	Thu Aug 21 15:21:16 2003
+++ 25-akpm/fs/proc/base.c	Thu Aug 21 15:21:16 2003
@@ -870,11 +870,17 @@ out_unlock:
  */
 static int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
 {
-	if (pid_alive(proc_task(dentry->d_inode))) {
-		struct task_struct *task = proc_task(dentry->d_inode);
-
-		dentry->d_inode->i_uid = task->euid;
-		dentry->d_inode->i_gid = task->egid;
+	struct inode *inode = dentry->d_inode;
+	struct task_struct *task = proc_task(inode);
+	if (pid_alive(task)) {
+		if (proc_type(inode) == PROC_PID_INO || task_dumpable(task)) {
+			inode->i_uid = task->euid;
+			inode->i_gid = task->egid;
+		} else {
+			inode->i_uid = 0;
+			inode->i_gid = 0;
+		}
+		security_task_to_inode(task, inode);
 		return 1;
 	}
 	d_drop(dentry);
@@ -883,8 +889,9 @@ static int pid_revalidate(struct dentry 
 
 static int pid_fd_revalidate(struct dentry *dentry, struct nameidata *nd)
 {
-	struct task_struct *task = proc_task(dentry->d_inode);
-	int fd = proc_type(dentry->d_inode) - PROC_PID_FD_DIR;
+	struct inode *inode = dentry->d_inode;
+	struct task_struct *task = proc_task(inode);
+	int fd = proc_type(inode) - PROC_PID_FD_DIR;
 	struct files_struct *files;
 
 	task_lock(task);
@@ -897,8 +904,14 @@ static int pid_fd_revalidate(struct dent
 		if (fcheck_files(files, fd)) {
 			spin_unlock(&files->file_lock);
 			put_files_struct(files);
-			dentry->d_inode->i_uid = task->euid;
-			dentry->d_inode->i_gid = task->egid;
+			if (task_dumpable(task)) {
+				inode->i_uid = task->euid;
+				inode->i_gid = task->egid;
+			} else {
+				inode->i_uid = 0;
+				inode->i_gid = 0;
+			}
+			security_task_to_inode(task, inode);
 			return 1;
 		}
 		spin_unlock(&files->file_lock);

_