commit 341c2d806b71cc3596afeb2d9bd26cd718e75202 · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

[PATCH] selinux: tracer SID fix

Fix SELinux to not reset the tracer SID when the child is already being
traced, since selinux_ptrace is also called by proc for access checking
outside of the context of a ptrace attach.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

authored by Stephen Smalley and committed by Linus Torvalds 20 years ago 341c2d80 4136cabf

+1 -1

1 changed file

expand all

unified split

security

selinux

hooks.c

+1 -1

security/selinux/hooks.c

··· 1262 1263 rc = task_has_perm(parent, child, PROCESS__PTRACE); 1264 /* Save the SID of the tracing process for later use in apply_creds. */ 1265 - if (!rc) 1266 csec->ptrace_sid = psec->sid; 1267 return rc; 1268 }

··· 1262 1263 rc = task_has_perm(parent, child, PROCESS__PTRACE); 1264 /* Save the SID of the tracing process for later use in apply_creds. */ 1265 + if (!(child->ptrace & PT_PTRACED) && !rc) 1266 csec->ptrace_sid = psec->sid; 1267 return rc; 1268 }