diff options
authorMark Grondona <mgrondona@llnl.gov>2013-09-11 14:24:31 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2013-09-11 15:59:01 -0700
commit73af963f9f3036dffed55c3a2898598186db1045 (patch)
parentb4c1107cc962613ea3572e5abba861a35d494b98 (diff)
__ptrace_may_access() should not deny sub-threads
__ptrace_may_access() checks get_dumpable/ptrace_has_cap/etc if task != current, this can can lead to surprising results. For example, a sub-thread can't readlink("/proc/self/exe") if the executable is not readable. setup_new_exec()->would_dump() notices that inode_permission(MAY_READ) fails and then it does set_dumpable(suid_dumpable). After that get_dumpable() fails. (It is not clear why proc_pid_readlink() checks get_dumpable(), perhaps we could add PTRACE_MODE_NODUMPABLE) Change __ptrace_may_access() to use same_thread_group() instead of "task == current". Any security check is pointless when the tasks share the same ->mm. Signed-off-by: Mark Grondona <mgrondona@llnl.gov> Signed-off-by: Ben Woodard <woodard@redhat.com> Signed-off-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index a146ee327f6..dd562e9aa2c 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -236,7 +236,7 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
int dumpable = 0;
/* Don't let security modules deny introspection */
- if (task == current)
+ if (same_thread_group(task, current))
return 0;
tcred = __task_cred(task);