[PATCH] security: fix capability bug

From: Ram Gupta
Date: Fri Mar 10 2006 - 14:48:03 EST

Next message: Carlos Munoz: "Re: How can I link the kernel with libgcc ?"
Previous message: Guennadi Liakhovetski: "Re: [Alsa-user] arecord under 2.6.15.4-rt17 ->overruns..."
Next in thread: Chris Wright: "Re: [PATCH] security: fix capability bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This patch fixes a bug of ptrace for PTRACE_TRACEME request. In this
case the call is made by the child process & code needs to check the
capabilty of the parent process to trace the child process but code
incorrectly makes check for the child process. Please apply

Signed-off-by: Ram Gupta <ram.gupta5@xxxxxxxxx>
----
-- linux-2.6.15.6-rg/security/commoncap.c.orig 2006-03-10
13:22:26.000000000 +0000
+++ linux-2.6.15.6-rg/security/commoncap.c 2006-03-10
13:26:45.000000000 +0000
@@ -59,9 +59,13 @@ int cap_settime(struct timespec *ts, str
int cap_ptrace (struct task_struct *parent, struct task_struct *child)
{
/* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */
- if (!cap_issubset (child->cap_permitted, current->cap_permitted) &&
- !capable(CAP_SYS_PTRACE))
- return -EPERM;
+ if (!cap_issubset (child->cap_permitted, parent->cap_permitted)){
+ if(!cap_capable(parent,CAP_SYS_PTRACE)){
+ parent->flags |= PF_SUPERPRIV;
+ }
+ else
+ return -EPERM;
+ }
return 0;
}

regards
Ram Gupta
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Carlos Munoz: "Re: How can I link the kernel with libgcc ?"
Previous message: Guennadi Liakhovetski: "Re: [Alsa-user] arecord under 2.6.15.4-rt17 ->overruns..."
Next in thread: Chris Wright: "Re: [PATCH] security: fix capability bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]