author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:16 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:16 -0500 |
commit | b6dff3ec5e116e3af6f537d4caedcad6b9e5082a (patch) | |
tree | 9e76f972eb7ce9b84e0146c8e4126a3f86acb428 /kernel/ptrace.c | |
parent | 15a2460ed0af7538ca8e6c610fe607a2cd9da142 (diff) |
CRED: Separate task security context from task_struct
Separate the task security context from task_struct. At this point, the
security data is temporarily embedded in the task_struct with two pointers
pointing to it.
Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in
entry.S via asm-offsets.
With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'kernel/ptrace.c')
-rw-r--r-- | kernel/ptrace.c | 19 |
1 files changed, 10 insertions, 9 deletions
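--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -115,6 +115,8 @@ int ptrace_check_attach(struct task_struct *child, int kill)
 
 int __ptrace_may_access(struct task_struct *task, unsigned int mode)
 {
+struct cred *cred = current->cred, *tcred = task->cred;
+
 /* May we inspect the given task?
 * This check is used both for attaching with ptrace
 * and for allowing access to sensitive information in /proc.
@@ -123,19 +125,18 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
 * because setting up the necessary parent/child relationship
 * or halting the specified task is impossible.
 */
-uid_t uid;
-gid_t gid;
+uid_t uid = cred->uid;
+gid_t gid = cred->gid;
 int dumpable = 0;
 /* Don't let security modules deny introspection */
 if (task == current)
 return 0;
-current_uid_gid(&uid, &gid);
-if ((uid != task->euid ||
-uid != task->suid ||
-uid != task->uid ||
-gid != task->egid ||
-gid != task->sgid ||
-gid != task->gid) && !capable(CAP_SYS_PTRACE))
+if ((uid != tcred->euid ||
+uid != tcred->suid ||
+uid != tcred->uid ||
+gid != tcred->egid ||
+gid != tcred->sgid ||
+gid != tcred->gid) && !capable(CAP_SYS_PTRACE))
 return -EPERM;
 smp_rmb();
 if (task->mm)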
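Review bot: `tcred = task->cred` at the top of `__ptrace_may_access()` is dereferenced for another task, and nothing in the visible lines pins that object while the six uid/gid comparisons read from it. The commit message says the credentials are only temporarily embedded in task_struct, so the pointer cannot dangle yet, but this is a permission check and the assumption deserves to be written down where the pointer is taken, e.g. `/* tcred stays valid only while creds are embedded in task_struct; take RCU or a reference once they are not */`. Both pointers are only read here, so `const struct cred *cred = current->cred, *tcred = task->cred;` would also let the compiler reject an accidental write. The function body continues past the end of the hunk, so any locking further down is not visible from here.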