Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

yama: Better permission check for ptraceme

Change the permission check for yama_ptrace_ptracee to the standard
ptrace permission check, testing if the traceer has CAP_SYS_PTRACE
in the tracees user namespace.

Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Eric W. Biederman 12 years ago
parent
751c644b95
commit
eddc0a3abf
1 changed files with 1 additions and 3 deletions
Split View Show Diff Stats
  1. 1 3
      security/yama/yama_lsm.c

+ 1 - 3
security/yama/yama_lsm.c
View File 

@@ -347,10 +347,8 @@ int yama_ptrace_traceme(struct task_struct *parent)
 
 	/* Only disallow PTRACE_TRACEME on more aggressive settings. */
 
 	switch (ptrace_scope) {
 
 	case YAMA_SCOPE_CAPABILITY:
 
-		rcu_read_lock();
 
-		if (!ns_capable(__task_cred(parent)->user_ns, CAP_SYS_PTRACE))
 
+		if (!has_ns_capability(parent, current_user_ns(), CAP_SYS_PTRACE))
 
 			rc = -EPERM;
 
-		rcu_read_unlock();
 
 		break;
 
 	case YAMA_SCOPE_NO_ATTACH:
 
 		rc = -EPERM;