Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (25 commits) security: remove register_security hook security: remove dummy module fix security: remove dummy module security: remove unused sb_get_mnt_opts hook LSM/SELinux: show LSM mount options in /proc/mounts SELinux: allow fstype unknown to policy to use xattrs if present security: fix return of void-valued expressions SELinux: use do_each_thread as a proper do/while block SELinux: remove unused and shadowed addrlen variable SELinux: more user friendly unknown handling printk selinux: change handling of invalid classes (Was: Re: 2.6.26-rc5-mm1 selinux whine) SELinux: drop load_mutex in security_load_policy SELinux: fix off by 1 reference of class_to_string in context_struct_compute_av SELinux: open code sidtab lock SELinux: open code load_mutex SELinux: open code policy_rwlock selinux: fix endianness bug in network node address handling selinux: simplify ioctl checking SELinux: enable processes with mac_admin to get the raw inode contexts Security: split proc ptrace checking into read vs. attach ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2008-07-14 16:36:55 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2008-07-14 16:36:55 -0400
commit: 847106ff628805e1a0aa91e7f53381f3fdfcd839 (patch)
tree: 457c8d6a5ff20f4d0f28634a196f92273298e49e /kernel
parent: c142bda458a9c81097238800e1bd8eeeea09913d (diff)
parent: 6f0f0fd496333777d53daff21a4e3b28c4d03a6d (diff)
1 files changed, 8 insertions, 7 deletions
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index 6c19e94fd0a5..e337390fce01 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -121,7 +121,7 @@ int ptrace_check_attach(struct task_struct *child, int kill)
        return ret;
 }
-int __ptrace_may_attach(struct task_struct *task)
+int __ptrace_may_access(struct task_struct *task, unsigned int mode)
 {
        /* May we inspect the given task?
         * This check is used both for attaching with ptrace
@@ -148,16 +148,16 @@ int __ptrace_may_attach(struct task_struct *task)
        if (!dumpable && !capable(CAP_SYS_PTRACE))
                return -EPERM;
-        return security_ptrace(current, task);
+        return security_ptrace(current, task, mode);
 }
-int ptrace_may_attach(struct task_struct *task)
+bool ptrace_may_access(struct task_struct *task, unsigned int mode)
 {
        int err;
        task_lock(task);
-        err = __ptrace_may_attach(task);
+        err = __ptrace_may_access(task, mode);
        task_unlock(task);
-        return !err;
+        return (!err ? true : false);
 }
 int ptrace_attach(struct task_struct *task)
@@ -195,7 +195,7 @@ repeat:
        /* the same process cannot be attached many times */
        if (task->ptrace & PT_PTRACED)
                goto bad;
-        retval = __ptrace_may_attach(task);
+        retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH);
        if (retval)
                goto bad;
@@ -494,7 +494,8 @@ int ptrace_traceme(void)
         */
        task_lock(current);
        if (!(current->ptrace & PT_PTRACED)) {
-                ret = security_ptrace(current->parent, current);
+                ret = security_ptrace(current->parent, current,
+                                      PTRACE_MODE_ATTACH);
                /*
                 * Set the ptrace bit in the process ptrace flags.
                 */
author	Linus Torvalds <torvalds@linux-foundation.org>	2008-07-14 16:36:55 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2008-07-14 16:36:55 -0400
commit	847106ff628805e1a0aa91e7f53381f3fdfcd839 (patch)
tree	457c8d6a5ff20f4d0f28634a196f92273298e49e /kernel
parent	c142bda458a9c81097238800e1bd8eeeea09913d (diff)
parent	6f0f0fd496333777d53daff21a4e3b28c4d03a6d (diff)