Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (25 commits) security: remove register_security hook security: remove dummy module fix security: remove dummy module security: remove unused sb_get_mnt_opts hook LSM/SELinux: show LSM mount options in /proc/mounts SELinux: allow fstype unknown to policy to use xattrs if present security: fix return of void-valued expressions SELinux: use do_each_thread as a proper do/while block SELinux: remove unused and shadowed addrlen variable SELinux: more user friendly unknown handling printk selinux: change handling of invalid classes (Was: Re: 2.6.26-rc5-mm1 selinux whine) SELinux: drop load_mutex in security_load_policy SELinux: fix off by 1 reference of class_to_string in context_struct_compute_av SELinux: open code sidtab lock SELinux: open code load_mutex SELinux: open code policy_rwlock selinux: fix endianness bug in network node address handling selinux: simplify ioctl checking SELinux: enable processes with mac_admin to get the raw inode contexts Security: split proc ptrace checking into read vs. attach ...
@@ -121,7 +121,7 @@ int ptrace_check_attach(struct task_struct *child, int kill)
|
||||
return ret;
|
||||
}
|
||||
|
||||
int __ptrace_may_attach(struct task_struct *task)
|
||||
int __ptrace_may_access(struct task_struct *task, unsigned int mode)
|
||||
{
|
||||
/* May we inspect the given task?
|
||||
* This check is used both for attaching with ptrace
|
||||
@@ -148,16 +148,16 @@ int __ptrace_may_attach(struct task_struct *task)
|
||||
if (!dumpable && !capable(CAP_SYS_PTRACE))
|
||||
return -EPERM;
|
||||
|
||||
return security_ptrace(current, task);
|
||||
return security_ptrace(current, task, mode);
|
||||
}
|
||||
|
||||
int ptrace_may_attach(struct task_struct *task)
|
||||
bool ptrace_may_access(struct task_struct *task, unsigned int mode)
|
||||
{
|
||||
int err;
|
||||
task_lock(task);
|
||||
err = __ptrace_may_attach(task);
|
||||
err = __ptrace_may_access(task, mode);
|
||||
task_unlock(task);
|
||||
return !err;
|
||||
return (!err ? true : false);
|
||||
}
|
||||
|
||||
int ptrace_attach(struct task_struct *task)
|
||||
@@ -195,7 +195,7 @@ repeat:
|
||||
/* the same process cannot be attached many times */
|
||||
if (task->ptrace & PT_PTRACED)
|
||||
goto bad;
|
||||
retval = __ptrace_may_attach(task);
|
||||
retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH);
|
||||
if (retval)
|
||||
goto bad;
|
||||
|
||||
@@ -494,7 +494,8 @@ int ptrace_traceme(void)
|
||||
*/
|
||||
task_lock(current);
|
||||
if (!(current->ptrace & PT_PTRACED)) {
|
||||
ret = security_ptrace(current->parent, current);
|
||||
ret = security_ptrace(current->parent, current,
|
||||
PTRACE_MODE_ATTACH);
|
||||
/*
|
||||
* Set the ptrace bit in the process ptrace flags.
|
||||
*/
|
||||
|
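Review bot: In the hunk that renames `ptrace_may_attach()` to `ptrace_may_access()`, the two near-identical names carry opposite return conventions and nothing visible documents it: the wrapper returns `true` when access is allowed, while `__ptrace_may_access()` returns 0 on success and `-EPERM` or the `security_ptrace()` result on denial. A caller that picks the wrong variant inverts a permission check, so I would add `/* Returns 0 if current may access @task in @mode, -errno otherwise. */` above `__ptrace_may_access()` and `/* Returns true if access is permitted. */` above the wrapper. In the lines shown, `mode` is only passed to `security_ptrace()` and the `!dumpable && !capable(CAP_SYS_PTRACE)` test does not use it; the comment should say so, so that read-mode callers do not assume a weaker non-LSM check. On style, `return (!err ? true : false);` is redundant with the `bool` return type and could remain `return !err;`. The body of `__ptrace_may_access()` begins outside the hunk, so whether callers must hold `task_lock(task)` is inferred only from the wrapper taking it around the call, and is worth stating in the comment once confirmed.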