diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-08-15 18:32:13 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-08-15 18:32:13 -0400 |
| commit | 71ef2a46fce43042a60d7ccbf55ecbd789c03c2e (patch) | |
| tree | 247c3e25958ff362b8a7b5b735a1e7d2ef6842c7 /kernel | |
| parent | d121db94eb50b29a202b5f6a8671cbebdf2c4142 (diff) | |
| parent | 5cd9c58fbe9ec92b45b27e131719af4f2bd9eb40 (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
security: Fix setting of PF_SUPERPRIV by __capable()
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/capability.c | 21 | ||||
| -rw-r--r-- | kernel/ptrace.c | 5 |
2 files changed, 15 insertions, 11 deletions
diff --git a/kernel/capability.c b/kernel/capability.c index 0101e847603e..33e51e78c2d8 100644 --- a/kernel/capability.c +++ b/kernel/capability.c | |||
| @@ -486,17 +486,22 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data) | |||
| 486 | return ret; | 486 | return ret; |
| 487 | } | 487 | } |
| 488 | 488 | ||
| 489 | int __capable(struct task_struct *t, int cap) | 489 | /** |
| 490 | * capable - Determine if the current task has a superior capability in effect | ||
| 491 | * @cap: The capability to be tested for | ||
| 492 | * | ||
| 493 | * Return true if the current task has the given superior capability currently | ||
| 494 | * available for use, false if not. | ||
| 495 | * | ||
| 496 | * This sets PF_SUPERPRIV on the task if the capability is available on the | ||
| 497 | * assumption that it's about to be used. | ||
| 498 | */ | ||
| 499 | int capable(int cap) | ||
| 490 | { | 500 | { |
| 491 | if (security_capable(t, cap) == 0) { | 501 | if (has_capability(current, cap)) { |
| 492 | t->flags |= PF_SUPERPRIV; | 502 | current->flags |= PF_SUPERPRIV; |
| 493 | return 1; | 503 | return 1; |
| 494 | } | 504 | } |
| 495 | return 0; | 505 | return 0; |
| 496 | } | 506 | } |
| 497 | |||
| 498 | int capable(int cap) | ||
| 499 | { | ||
| 500 | return __capable(current, cap); | ||
| 501 | } | ||
| 502 | EXPORT_SYMBOL(capable); | 507 | EXPORT_SYMBOL(capable); |
diff --git a/kernel/ptrace.c b/kernel/ptrace.c index 082b3fcb32a0..356699a96d56 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c | |||
| @@ -140,7 +140,7 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode) | |||
| 140 | if (!dumpable && !capable(CAP_SYS_PTRACE)) | 140 | if (!dumpable && !capable(CAP_SYS_PTRACE)) |
| 141 | return -EPERM; | 141 | return -EPERM; |
| 142 | 142 | ||
| 143 | return security_ptrace(current, task, mode); | 143 | return security_ptrace_may_access(task, mode); |
| 144 | } | 144 | } |
| 145 | 145 | ||
| 146 | bool ptrace_may_access(struct task_struct *task, unsigned int mode) | 146 | bool ptrace_may_access(struct task_struct *task, unsigned int mode) |
| @@ -499,8 +499,7 @@ repeat: | |||
| 499 | goto repeat; | 499 | goto repeat; |
| 500 | } | 500 | } |
| 501 | 501 | ||
| 502 | ret = security_ptrace(current->parent, current, | 502 | ret = security_ptrace_traceme(current->parent); |
| 503 | PTRACE_MODE_ATTACH); | ||
| 504 | 503 | ||
| 505 | /* | 504 | /* |
| 506 | * Set the ptrace bit in the process ptrace flags. | 505 | * Set the ptrace bit in the process ptrace flags. |