Eric Lee / smarc-ti-linux-kernel

Download as
Browse Code ยป

Commit d4eb82c783992551c574580eb55fddc8bb006ad0

Authored by Chris Wright
Committed by Linus Torvalds
1 parent 12b5989be1

[PATCH] make cap_ptrace enforce PTRACE_TRACME checks 

PTRACE_TRACEME doesn't have proper capabilities validation when parent is
less privileged than child.  Issue pointed out by Ram Gupta
<ram.gupta5@gmail.com>.

Note: I haven't identified a strong security issue, and it's a small ABI
change that could break apps that rely on existing behaviour (which allows
parent that is less privileged than child to ptrace when child does
PTRACE_TRACEME).

Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Cc: Ram Gupta <ram.gupta5@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

Showing 1 changed file with 2 additions and 2 deletions Side-by-side Diff

security/commoncap.c
Diff comments   View file @ d4eb82c
... ... @@ -60,8 +60,8 @@
60 60 int cap_ptrace (struct task_struct *parent, struct task_struct *child)
61 61 {
62 62 /* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */
63   - if (!cap_issubset (child->cap_permitted, current->cap_permitted) &&
64   - !capable(CAP_SYS_PTRACE))
  63 + if (!cap_issubset(child->cap_permitted, parent->cap_permitted) &&
  64 + !__capable(parent, CAP_SYS_PTRACE))
65 65 return -EPERM;
66 66 return 0;
67 67 }