authorDavid Howells <dhowells@redhat.com>2008-11-13 18:39:16 -0500
committerJames Morris <jmorris@namei.org>2008-11-13 18:39:16 -0500
commitb6dff3ec5e116e3af6f537d4caedcad6b9e5082a (patch)
tree9e76f972eb7ce9b84e0146c8e4126a3f86acb428 /kernel/ptrace.c
parent15a2460ed0af7538ca8e6c610fe607a2cd9da142 (diff)
CRED: Separate task security context from task_struct
Separate the task security context from task_struct. At this point, the security data is temporarily embedded in the task_struct with two pointers pointing to it. Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in entry.S via asm-offsets. With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'kernel/ptrace.c')
-rw-r--r--kernel/ptrace.c19
1 files changed, 10 insertions, 9 deletions
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index 937f6b5b2008..49849d12dd12 100644
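--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -115,6 +115,8 @@ int ptrace_check_attach(struct task_struct *child, int kill)
 
 int __ptrace_may_access(struct task_struct *task, unsigned int mode)
 {
+ struct cred *cred = current->cred, *tcred = task->cred;
+
  /* May we inspect the given task?
  * This check is used both for attaching with ptrace
  * and for allowing access to sensitive information in /proc.
@@ -123,19 +125,18 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
  * because setting up the necessary parent/child relationship
  * or halting the specified task is impossible.
  */
- uid_t uid;
- gid_t gid;
+ uid_t uid = cred->uid;
+ gid_t gid = cred->gid;
  int dumpable = 0;
  /* Don't let security modules deny introspection */
  if (task == current)
  return 0;
- current_uid_gid(&uid, &gid);
- if ((uid != task->euid ||
- uid != task->suid ||
- uid != task->uid ||
- gid != task->egid ||
- gid != task->sgid ||
- gid != task->gid) && !capable(CAP_SYS_PTRACE))
+ if ((uid != tcred->euid ||
+ uid != tcred->suid ||
+ uid != tcred->uid ||
+ gid != tcred->egid ||
+ gid != tcred->sgid ||
+ gid != tcred->gid) && !capable(CAP_SYS_PTRACE))
  return -EPERM;
  smp_rmb();
  if (task->mm)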
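Review bot: `tcred` is loaded from `task->cred` at the top of `__ptrace_may_access` and then read six times in the permission check with no lock or reference visible in these hunks, so the check relies on the target's credentials staying at a stable address. The commit message says the data is still embedded in `task_struct`, which makes that hold for now, but the assumption deserves a comment at the declaration, e.g. `/* tcred is only valid while creds are embedded in task_struct; needs a reference or RCU once they are allocated separately */`. Since the visible lines only read through both pointers, declaring them `const struct cred *cred = current->cred, *tcred = task->cred;` would also keep this access check from ever writing another task's credentials. The function body continues past the hunk, so confirm nothing later writes through them.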