author Kees Cook 2012-08-10 04:01:26 +0200
committer James Morris 2012-08-10 11:58:07 +0200
commit 9d8dad742ad1c74d7e7210ee05d0b44961d5ea16 (patch)
tree b1e738bf17987552cdace2695d8b77328dc29bcf /include/linux/security.h
parent Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net (diff)
Yama: higher restrictions should block PTRACE_TRACEME

The higher ptrace restriction levels should be blocking even PTRACE_TRACEME requests. The comments in the LSM documentation are misleading about when the checks happen (the parent does not go through security_ptrace_access_check() on a PTRACE_TRACEME call).

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org # 3.5.x and later
Signed-off-by: James Morris <james.l.morris@oracle.com>

Diffstat (limited to 'include/linux/security.h')
-rw-r--r-- include/linux/security.h 2
1 files changed, 0 insertions, 2 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 4e5a73cdbbef..3dea6a9d568f 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1242,8 +1242,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* Check that the @parent process has sufficient permission to trace the
* current process before allowing the current process to present itself
* to the @parent process for tracing.
- * The parent process will still have to undergo the ptrace_access_check
- * checks before it is allowed to trace this one.
* @parent contains the task_struct structure for debugger process.
* Return 0 if permission is granted.
* @capget:
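
Review bot: deleting the two lines that follow "to the @parent process for tracing." removes the misleading claim, but the hook comment is then silent on whether any further check happens after this one. The commit message states that the parent does not go through security_ptrace_access_check() on a PTRACE_TRACEME call; consider putting that fact into the comment in place of the removed sentence, so that an LSM author reading only this header knows a restriction on PTRACE_TRACEME has to be enforced in this hook. Separately, the diffstat here is limited to include/linux/security.h, so the part of the change that makes the higher Yama levels block PTRACE_TRACEME is not visible in this view and cannot be checked against the description.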