security: Fix mode test in selinux_ptrace_access_check()

Commit 1c8d42255f4c "ptrace: use fsuid, fsgid, effective creds for fs access checks" added flags to the ptrace mode which need to be ignored here. This change was made upstream in 3.3 as part of commit 69f594a38967 "ptrace: do not audit capability check when outputing /proc/pid/stat", but that's probably not suitable for stable due to its dependencies. Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
author: Ben Hutchings <ben@decadent.org.uk> 2017-12-19 23:35:38 +0000
committer: Ben Hutchings <ben@decadent.org.uk> 2018-01-01 20:51:04 +0000
commit: 9015cf5eb1447b3d06d8fcd240ba5475ce0e3773 (patch)
tree: 5978f0001b3a69eb3ac1929a512c28374b54d0d2
parent: 13b86808f7fabea496c02131f49fec46a84fb3c9 (diff)
download: linux-stable-9015cf5eb1447b3d06d8fcd240ba5475ce0e3773.tar.gz
linux-stable-9015cf5eb1447b3d06d8fcd240ba5475ce0e3773.tar.bz2
linux-stable-9015cf5eb1447b3d06d8fcd240ba5475ce0e3773.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 4c6a34700d49..ad1cb35012af 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1845,7 +1845,7 @@ static int selinux_ptrace_access_check(struct task_struct *child,
 	if (rc)
 		return rc;
 
-	if (mode == PTRACE_MODE_READ) {
+	if (mode & PTRACE_MODE_READ) {
 		u32 sid = current_sid();
 		u32 csid = task_sid(child);
 		return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
author	Ben Hutchings <ben@decadent.org.uk>	2017-12-19 23:35:38 +0000
committer	Ben Hutchings <ben@decadent.org.uk>	2018-01-01 20:51:04 +0000
commit	9015cf5eb1447b3d06d8fcd240ba5475ce0e3773 (patch)
tree	5978f0001b3a69eb3ac1929a512c28374b54d0d2
parent	13b86808f7fabea496c02131f49fec46a84fb3c9 (diff)
download	linux-stable-9015cf5eb1447b3d06d8fcd240ba5475ce0e3773.tar.gz linux-stable-9015cf5eb1447b3d06d8fcd240ba5475ce0e3773.tar.bz2 linux-stable-9015cf5eb1447b3d06d8fcd240ba5475ce0e3773.zip