diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-14 16:36:55 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-14 16:36:55 -0400 |
| commit | 847106ff628805e1a0aa91e7f53381f3fdfcd839 (patch) | |
| tree | 457c8d6a5ff20f4d0f28634a196f92273298e49e /fs/proc/base.c | |
| parent | c142bda458a9c81097238800e1bd8eeeea09913d (diff) | |
| parent | 6f0f0fd496333777d53daff21a4e3b28c4d03a6d (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (25 commits)
security: remove register_security hook
security: remove dummy module fix
security: remove dummy module
security: remove unused sb_get_mnt_opts hook
LSM/SELinux: show LSM mount options in /proc/mounts
SELinux: allow fstype unknown to policy to use xattrs if present
security: fix return of void-valued expressions
SELinux: use do_each_thread as a proper do/while block
SELinux: remove unused and shadowed addrlen variable
SELinux: more user friendly unknown handling printk
selinux: change handling of invalid classes (Was: Re: 2.6.26-rc5-mm1 selinux whine)
SELinux: drop load_mutex in security_load_policy
SELinux: fix off by 1 reference of class_to_string in context_struct_compute_av
SELinux: open code sidtab lock
SELinux: open code load_mutex
SELinux: open code policy_rwlock
selinux: fix endianness bug in network node address handling
selinux: simplify ioctl checking
SELinux: enable processes with mac_admin to get the raw inode contexts
Security: split proc ptrace checking into read vs. attach
...
Diffstat (limited to 'fs/proc/base.c')
| -rw-r--r-- | fs/proc/base.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c index 3b455371e7ff..58c3e6a8e15e 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c | |||
| @@ -233,7 +233,7 @@ static int check_mem_permission(struct task_struct *task) | |||
| 233 | */ | 233 | */ |
| 234 | if (task->parent == current && (task->ptrace & PT_PTRACED) && | 234 | if (task->parent == current && (task->ptrace & PT_PTRACED) && |
| 235 | task_is_stopped_or_traced(task) && | 235 | task_is_stopped_or_traced(task) && |
| 236 | ptrace_may_attach(task)) | 236 | ptrace_may_access(task, PTRACE_MODE_ATTACH)) |
| 237 | return 0; | 237 | return 0; |
| 238 | 238 | ||
| 239 | /* | 239 | /* |
| @@ -251,7 +251,8 @@ struct mm_struct *mm_for_maps(struct task_struct *task) | |||
| 251 | task_lock(task); | 251 | task_lock(task); |
| 252 | if (task->mm != mm) | 252 | if (task->mm != mm) |
| 253 | goto out; | 253 | goto out; |
| 254 | if (task->mm != current->mm && __ptrace_may_attach(task) < 0) | 254 | if (task->mm != current->mm && |
| 255 | __ptrace_may_access(task, PTRACE_MODE_READ) < 0) | ||
| 255 | goto out; | 256 | goto out; |
| 256 | task_unlock(task); | 257 | task_unlock(task); |
| 257 | return mm; | 258 | return mm; |
| @@ -518,7 +519,7 @@ static int proc_fd_access_allowed(struct inode *inode) | |||
| 518 | */ | 519 | */ |
| 519 | task = get_proc_task(inode); | 520 | task = get_proc_task(inode); |
| 520 | if (task) { | 521 | if (task) { |
| 521 | allowed = ptrace_may_attach(task); | 522 | allowed = ptrace_may_access(task, PTRACE_MODE_READ); |
| 522 | put_task_struct(task); | 523 | put_task_struct(task); |
| 523 | } | 524 | } |
| 524 | return allowed; | 525 | return allowed; |
| @@ -904,7 +905,7 @@ static ssize_t environ_read(struct file *file, char __user *buf, | |||
| 904 | if (!task) | 905 | if (!task) |
| 905 | goto out_no_task; | 906 | goto out_no_task; |
| 906 | 907 | ||
| 907 | if (!ptrace_may_attach(task)) | 908 | if (!ptrace_may_access(task, PTRACE_MODE_READ)) |
| 908 | goto out; | 909 | goto out; |
| 909 | 910 | ||
| 910 | ret = -ENOMEM; | 911 | ret = -ENOMEM; |