ptrace: do not audit capability check when outputing /proc/pid/stat

author Eric Paris <eparis@redhat.com>

Tue, 3 Jan 2012 17:25:15 +0000 (12:25 -0500)

committer Eric Paris <eparis@redhat.com>

Thu, 5 Jan 2012 23:53:00 +0000 (18:53 -0500)
author Eric Paris <eparis@redhat.com>
Tue, 3 Jan 2012 17:25:15 +0000 (12:25 -0500)
committer Eric Paris <eparis@redhat.com>
Thu, 5 Jan 2012 23:53:00 +0000 (18:53 -0500)
diff --git a/fs/proc/array.c b/fs/proc/array.c

index 3a1dafd..ddffd7a 100644 (file)
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -380,7 +380,7 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
  
         state = *get_task_state(task);
         vsize = eip = esp = 0;
-       permitted = ptrace_may_access(task, PTRACE_MODE_READ);
+       permitted = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT);
         mm = get_task_mm(task);
         if (mm) {
                 vsize = task_vsize(mm);
diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h

index 800f113..a27e56c 100644 (file)
--- a/include/linux/ptrace.h
+++ b/include/linux/ptrace.h
@@ -127,8 +127,9 @@ extern void __ptrace_link(struct task_struct *child,
                           struct task_struct *new_parent);
  extern void __ptrace_unlink(struct task_struct *child);
  extern void exit_ptrace(struct task_struct *tracer);
-#define PTRACE_MODE_READ   1
-#define PTRACE_MODE_ATTACH 2
+#define PTRACE_MODE_READ       0x01
+#define PTRACE_MODE_ATTACH     0x02
+#define PTRACE_MODE_NOAUDIT    0x04
  /* Returns 0 on success, -errno on denial. */
  extern int __ptrace_may_access(struct task_struct *task, unsigned int mode);
  /* Returns true on success, false on denial. */
diff --git a/kernel/ptrace.c b/kernel/ptrace.c

index 210bbf0..c890ac9 100644 (file)
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -161,6 +161,14 @@ int ptrace_check_attach(struct task_struct *child, bool ignore_state)
         return ret;
  }
  
+static int ptrace_has_cap(struct user_namespace *ns, unsigned int mode)
+{
+       if (mode & PTRACE_MODE_NOAUDIT)
+               return has_ns_capability_noaudit(current, ns, CAP_SYS_PTRACE);
+       else
+               return has_ns_capability(current, ns, CAP_SYS_PTRACE);
+}
+
  int __ptrace_may_access(struct task_struct *task, unsigned int mode)
  {
         const struct cred *cred = current_cred(), *tcred;
@@ -187,7 +195,7 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
              cred->gid == tcred->sgid &&
              cred->gid == tcred->gid))
                 goto ok;
-       if (ns_capable(tcred->user->user_ns, CAP_SYS_PTRACE))
+       if (ptrace_has_cap(tcred->user->user_ns, mode))
                 goto ok;
         rcu_read_unlock();
         return -EPERM;
@@ -196,7 +204,7 @@ ok:
         smp_rmb();
         if (task->mm)
                 dumpable = get_dumpable(task->mm);
-       if (!dumpable && !ns_capable(task_user_ns(task), CAP_SYS_PTRACE))
+       if (!dumpable  && !ptrace_has_cap(task_user_ns(task), mode))
                 return -EPERM;
  
         return security_ptrace_access_check(task, mode);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c

index c9605c4..14f94cd 100644 (file)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1809,7 +1809,7 @@ static int selinux_ptrace_access_check(struct task_struct *child,
         if (rc)
                 return rc;
  
-       if (mode == PTRACE_MODE_READ) {
+       if (mode & PTRACE_MODE_READ) {
                 u32 sid = current_sid();
                 u32 csid = task_sid(child);
                 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
author	Eric Paris <eparis@redhat.com>
	Tue, 3 Jan 2012 17:25:15 +0000 (12:25 -0500)
committer	Eric Paris <eparis@redhat.com>
	Thu, 5 Jan 2012 23:53:00 +0000 (18:53 -0500)
fs/proc/array.c		patch \| blob \| history
include/linux/ptrace.h		patch \| blob \| history
kernel/ptrace.c		patch \| blob \| history
security/selinux/hooks.c		patch \| blob \| history