Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
diff --git
a/security/commoncap.c
b/security/commoncap.c
index
0aee106
..
7790e48
100644
(file)
--- a/
security/commoncap.c
+++ b/
security/commoncap.c
@@
-28,6
+28,7
@@
#include <linux/prctl.h>
#include <linux/securebits.h>
#include <linux/user_namespace.h>
#include <linux/prctl.h>
#include <linux/securebits.h>
#include <linux/user_namespace.h>
+#include <linux/personality.h>
/*
* If a non-root user executes a setuid-root binary in
/*
* If a non-root user executes a setuid-root binary in
@@
-140,12
+141,17
@@
int cap_ptrace_access_check(struct task_struct *child, unsigned int mode)
{
int ret = 0;
const struct cred *cred, *child_cred;
{
int ret = 0;
const struct cred *cred, *child_cred;
+ const kernel_cap_t *caller_caps;
rcu_read_lock();
cred = current_cred();
child_cred = __task_cred(child);
rcu_read_lock();
cred = current_cred();
child_cred = __task_cred(child);
+ if (mode & PTRACE_MODE_FSCREDS)
+ caller_caps = &cred->cap_effective;
+ else
+ caller_caps = &cred->cap_permitted;
if (cred->user->user_ns == child_cred->user->user_ns &&
if (cred->user->user_ns == child_cred->user->user_ns &&
- cap_issubset(child_cred->cap_permitted,
cred->cap_permitted
))
+ cap_issubset(child_cred->cap_permitted,
*caller_caps
))
goto out;
if (ns_capable(child_cred->user->user_ns, CAP_SYS_PTRACE))
goto out;
goto out;
if (ns_capable(child_cred->user->user_ns, CAP_SYS_PTRACE))
goto out;
@@
-980,3
+986,4
@@
int cap_file_mmap(struct file *file, unsigned long reqprot,
}
return ret;
}
}
return ret;
}
+EXPORT_SYMBOL(cap_file_mmap);
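Review bot: In the cap_ptrace_access_check hunk, the new `else` branch treats every mode without PTRACE_MODE_FSCREDS as a real-credentials check and selects `cred->cap_permitted`. That set is normally a superset of the effective one, so a caller that passes neither credential flag silently gets the more lenient subset test. Unless the caller already rejects such modes (not visible here), the branch should test PTRACE_MODE_REALCREDS explicitly and deny access when neither flag is set. The `ns_capable(..., CAP_SYS_PTRACE)` fallback below is unchanged and, as far as I know, consults the effective set in both modes, so a comment above the selection should say so, e.g. `/* FSCREDS: compare against effective caps; REALCREDS: permitted caps. CAP_SYS_PTRACE below is always checked against the effective set. */`. The function body starts and ends outside the hunk, so the `out:` path could not be checked.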