[patch 7/7] BSD Secure Levels: remove redundant ptrace check
From: Michael Halcrow
Date: Tue May 17 2005 - 10:36:48 EST
This is the seventh in a series of seven patches to the BSD Secure
Levels LSM. It removes the ptrace check because it is redundant with
the check made in kernel/ptrace.c. Thanks to Brad Spengler for this
suggestion.
Signed off by: Michael Halcrow <mhalcrow@xxxxxxxxxx>
Index: linux-2.6.12-rc4-mm2-seclvl/security/seclvl.c
===================================================================
--- linux-2.6.12-rc4-mm2-seclvl.orig/security/seclvl.c 2005-05-16 16:31:36.000000000 -0500
+++ linux-2.6.12-rc4-mm2-seclvl/security/seclvl.c 2005-05-16 16:33:01.000000000 -0500
@@ -396,23 +396,6 @@
seclvl_write_passwd);
/**
- * Explicitely disallow ptrace'ing the init process.
- */
-static int seclvl_ptrace(struct task_struct *parent, struct task_struct *child)
-{
- if (seclvl >= 0) {
- if (child->pid == 1) {
- seclvl_printk(1, KERN_WARNING "%s: Attempt to ptrace "
- "the init process dissallowed in "
- "secure level %d\n", __FUNCTION__,
- seclvl);
- return -EPERM;
- }
- }
- return 0;
-}
-
-/**
* Capability checks for seclvl. The majority of the policy
* enforcement for seclvl takes place here.
*/
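Review bot: The changelog does not say which check in kernel/ptrace.c makes seclvl_ptrace() redundant, and the removed code differs from a plain refusal in two ways that deserve a sentence. It is gated on `seclvl >= 0`, and it emits a KERN_WARNING through seclvl_printk() before returning -EPERM. Please name the kernel/ptrace.c condition that rejects `child->pid == 1`, confirm it applies regardless of secure level, and state whether losing the logged warning for attempts to ptrace init is intended, since that message was the only audit trail this module produced for the event.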
@@ -631,7 +614,6 @@
}
static struct security_operations seclvl_ops = {
- .ptrace = seclvl_ptrace,
.capable = seclvl_capable,
.file_permission = seclvl_file_permission,
.inode_setattr = seclvl_inode_setattr,
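Review bot: The commit message should state what services the ptrace hook once `.ptrace` is no longer set in `seclvl_ops`, since from this point seclvl supplies no ptrace policy of its own. A short note on which handler fills the unset slot when seclvl is the registered security module, and that its behaviour for non-init targets matches what seclvl_ptrace() returned (0), would let a reader verify the "redundant" claim from the patch alone.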