summaryrefslogtreecommitdiff
path: root/kernel
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2008-07-14 13:36:55 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2008-07-14 13:36:55 -0700
commit847106ff628805e1a0aa91e7f53381f3fdfcd839 (patch)
tree457c8d6a5ff20f4d0f28634a196f92273298e49e /kernel
parentc142bda458a9c81097238800e1bd8eeeea09913d (diff)
parent6f0f0fd496333777d53daff21a4e3b28c4d03a6d (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (25 commits) security: remove register_security hook security: remove dummy module fix security: remove dummy module security: remove unused sb_get_mnt_opts hook LSM/SELinux: show LSM mount options in /proc/mounts SELinux: allow fstype unknown to policy to use xattrs if present security: fix return of void-valued expressions SELinux: use do_each_thread as a proper do/while block SELinux: remove unused and shadowed addrlen variable SELinux: more user friendly unknown handling printk selinux: change handling of invalid classes (Was: Re: 2.6.26-rc5-mm1 selinux whine) SELinux: drop load_mutex in security_load_policy SELinux: fix off by 1 reference of class_to_string in context_struct_compute_av SELinux: open code sidtab lock SELinux: open code load_mutex SELinux: open code policy_rwlock selinux: fix endianness bug in network node address handling selinux: simplify ioctl checking SELinux: enable processes with mac_admin to get the raw inode contexts Security: split proc ptrace checking into read vs. attach ...
Diffstat (limited to 'kernel')
-rw-r--r--kernel/ptrace.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index 6c19e94fd0a5..e337390fce01 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -121,7 +121,7 @@ int ptrace_check_attach(struct task_struct *child, int kill)
return ret;
}
-int __ptrace_may_attach(struct task_struct *task)
+int __ptrace_may_access(struct task_struct *task, unsigned int mode)
{
/* May we inspect the given task?
* This check is used both for attaching with ptrace
@@ -148,16 +148,16 @@ int __ptrace_may_attach(struct task_struct *task)
if (!dumpable && !capable(CAP_SYS_PTRACE))
return -EPERM;
- return security_ptrace(current, task);
+ return security_ptrace(current, task, mode);
}
-int ptrace_may_attach(struct task_struct *task)
+bool ptrace_may_access(struct task_struct *task, unsigned int mode)
{
int err;
task_lock(task);
- err = __ptrace_may_attach(task);
+ err = __ptrace_may_access(task, mode);
task_unlock(task);
- return !err;
+ return (!err ? true : false);
}
int ptrace_attach(struct task_struct *task)
@@ -195,7 +195,7 @@ repeat:
/* the same process cannot be attached many times */
if (task->ptrace & PT_PTRACED)
goto bad;
- retval = __ptrace_may_attach(task);
+ retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH);
if (retval)
goto bad;
@@ -494,7 +494,8 @@ int ptrace_traceme(void)
*/
task_lock(current);
if (!(current->ptrace & PT_PTRACED)) {
- ret = security_ptrace(current->parent, current);
+ ret = security_ptrace(current->parent, current,
+ PTRACE_MODE_ATTACH);
/*
* Set the ptrace bit in the process ptrace flags.
*/