* Ram Gupta ([email protected]) wrote:
> This patch fixes a bug of ptrace for PTRACE_TRACEME request. In this
> case the call is made by the child process & code needs to check the
> capabilty of the parent process to trace the child process but code
> incorrectly makes check for the child process.
Actually, that check is never triggered, for slightly subtle reason.
> Signed-off-by: Ram Gupta <[email protected]>
>
> --- linux-2.6.14-patch-2.6.15/security/commoncap.c.orig Wed Mar 8 13:54:06 2006
> +++ linux-2.6.14-patch-2.6.15/security/commoncap.c Wed Mar 8 13:57:07 2006
> @@ -59,9 +59,13 @@ int cap_settime(struct timespec *ts, str
> int cap_ptrace (struct task_struct *parent, struct task_struct *child)
> {
> /* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */
> - if (!cap_issubset (child->cap_permitted, current->cap_permitted) &&
In the context of TRACEME, child == current.
Historically, there's been no default security check for TRACEME, so
a change here has some small chance of breaking things (which would
be fine for plugging a real security hole). Parent less privileged
than child which did TRACEME is a bit of a contrived case, so security
implications aren't so worrisome. Modules like SELinux will actually
check this case, and should properly restrict. We can try a change in
-mm for a while.
> - !capable(CAP_SYS_PTRACE))
> - return -EPERM;
> + if (!cap_issubset (child->cap_permitted, current->cap_permitted)){
> + if(!security_ops->capable(parent,CAP_SYS_PTRACE)){
This is not valid when !CONFIG_SECURITY.
thanks,
-chris
--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
