Piteball
/
android_kernel_samsung_msm8226
mirror of https://github.com/S3NEO/android_kernel_samsung_msm8226.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

__ptrace_may_access() should not deny sub-threads 

(cherry pick from commit 73af963f9f3036dffed55c3a2898598186db1045)

__ptrace_may_access() checks get_dumpable/ptrace_has_cap/etc if task !=
current, this can can lead to surprising results.

For example, a sub-thread can't readlink("/proc/self/exe") if the
executable is not readable.  setup_new_exec()->would_dump() notices that
inode_permission(MAY_READ) fails and then it does
set_dumpable(suid_dumpable).  After that get_dumpable() fails.

(It is not clear why proc_pid_readlink() checks get_dumpable(), perhaps we
could add PTRACE_MODE_NODUMPABLE)

Change __ptrace_may_access() to use same_thread_group() instead of "task
== current".  Any security check is pointless when the tasks share the
same ->mm.

Signed-off-by: Mark Grondona <mgrondona@llnl.gov>
Signed-off-by: Ben Woodard <woodard@redhat.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Bug: 26016905
Change-Id: If9e2a0eb3339d26d50a9d84671a189fe405f36a3
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
This commit is contained in:
Mark Grondona 2013-09-11 14:24:31 -07:00 committed by Francescodario Cuzzocrea
parent 5f6c10a1b7
commit ede48dc7fa
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
kernel/ptrace.c
View File

@ -233,7 +233,7 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
*/
int dumpable = 0;
/* Don't let security modules deny introspection */
if (task == current)
if (same_thread_group(task, current))
return 0;
rcu_read_lock();
tcred = __task_cred(task);