| commit | 9d8dad742ad1c74d7e7210ee05d0b44961d5ea16 | |
| author | Kees Cook <keescook@chromium.org> | |
| Fri, 10 Aug 2012 02:01:26 +0000 (9 19:01 -0700) | ||
| committer | James Morris <james.l.morris@oracle.com> | |
| Fri, 10 Aug 2012 09:58:07 +0000 (10 19:58 +1000) | ||
| tree | b1e738bf17987552cdace2695d8b77328dc29bcf | treesnapshot (tar.gz zip) |
| parent | f4ba394c1b02e7fc2179fda8d3941a5b3b65efb6 | commitdiff |
Yama: higher restrictions should block PTRACE_TRACEME
The higher ptrace restriction levels should be blocking even
PTRACE_TRACEME requests. The comments in the LSM documentation are
misleading about when the checks happen (the parent does not go through
security_ptrace_access_check() on a PTRACE_TRACEME call).
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org # 3.5.x and later
Signed-off-by: James Morris <james.l.morris@oracle.com>
The higher ptrace restriction levels should be blocking even
PTRACE_TRACEME requests. The comments in the LSM documentation are
misleading about when the checks happen (the parent does not go through
security_ptrace_access_check() on a PTRACE_TRACEME call).
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org # 3.5.x and later
Signed-off-by: James Morris <james.l.morris@oracle.com>
| Documentation/security/Yama.txt | diffblobblamehistory | |
| include/linux/security.h | diffblobblamehistory | |
| security/yama/yama_lsm.c | diffblobblamehistory |