__ptrace_may_access() should not deny sub-threads
(cherry pick from commit 73af963f9f3036dffed55c3a2898598186db1045) __ptrace_may_access() checks get_dumpable/ptrace_has_cap/etc if task != current, this can can lead to surprising results. For example, a sub-thread can't readlink("/proc/self/exe") if the executable is not readable. setup_new_exec()->would_dump() notices that inode_permission(MAY_READ) fails and then it does set_dumpable(suid_dumpable). After that get_dumpable() fails. (It is not clear why proc_pid_readlink() checks get_dumpable(), perhaps we could add PTRACE_MODE_NODUMPABLE) Change __ptrace_may_access() to use same_thread_group() instead of "task == current". Any security check is pointless when the tasks share the same ->mm. Signed-off-by: Mark Grondona <mgrondona@llnl.gov> Signed-off-by: Ben Woodard <woodard@redhat.com> Signed-off-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Bug: 26016905 Change-Id: If9e2a0eb3339d26d50a9d84671a189fe405f36a3 Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
This commit is contained in:
parent
5f6c10a1b7
commit
ede48dc7fa
|
@ -233,7 +233,7 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
|
|||
*/
|
||||
int dumpable = 0;
|
||||
/* Don't let security modules deny introspection */
|
||||
if (task == current)
|
||||
if (same_thread_group(task, current))
|
||||
return 0;
|
||||
rcu_read_lock();
|
||||
tcred = __task_cred(task);
|
||||
|
|
Loading…
Reference in New Issue