This is the seventh in a series of seven patches to the BSD Secure
Levels LSM. It removes the ptrace check because it is redundant with
the check made in kernel/ptrace.c. Thanks for Brad Spengler for this
suggestion.
Signed off by: Michael Halcrow <[email protected]>
Index: linux-2.6.12-rc4-mm2-seclvl/security/seclvl.c
===================================================================
--- linux-2.6.12-rc4-mm2-seclvl.orig/security/seclvl.c 2005-05-16 16:31:36.000000000 -0500
+++ linux-2.6.12-rc4-mm2-seclvl/security/seclvl.c 2005-05-16 16:33:01.000000000 -0500
@@ -396,23 +396,6 @@
seclvl_write_passwd);
/**
- * Explicitely disallow ptrace'ing the init process.
- */
-static int seclvl_ptrace(struct task_struct *parent, struct task_struct *child)
-{
- if (seclvl >= 0) {
- if (child->pid == 1) {
- seclvl_printk(1, KERN_WARNING "%s: Attempt to ptrace "
- "the init process dissallowed in "
- "secure level %d\n", __FUNCTION__,
- seclvl);
- return -EPERM;
- }
- }
- return 0;
-}
-
-/**
* Capability checks for seclvl. The majority of the policy
* enforcement for seclvl takes place here.
*/
@@ -631,7 +614,6 @@
}
static struct security_operations seclvl_ops = {
- .ptrace = seclvl_ptrace,
.capable = seclvl_capable,
.file_permission = seclvl_file_permission,
.inode_setattr = seclvl_inode_setattr,
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
