diff options
author | Ben Hutchings <ben@decadent.org.uk> | 2017-12-19 23:35:38 +0000 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2018-01-01 20:51:04 +0000 |
commit | 9015cf5eb1447b3d06d8fcd240ba5475ce0e3773 (patch) | |
tree | 5978f0001b3a69eb3ac1929a512c28374b54d0d2 | |
parent | 13b86808f7fabea496c02131f49fec46a84fb3c9 (diff) | |
download | linux-stable-9015cf5eb1447b3d06d8fcd240ba5475ce0e3773.tar.gz linux-stable-9015cf5eb1447b3d06d8fcd240ba5475ce0e3773.tar.bz2 linux-stable-9015cf5eb1447b3d06d8fcd240ba5475ce0e3773.zip |
security: Fix mode test in selinux_ptrace_access_check()
Commit 1c8d42255f4c "ptrace: use fsuid, fsgid, effective creds for fs access
checks" added flags to the ptrace mode which need to be ignored here.
This change was made upstream in 3.3 as part of commit 69f594a38967
"ptrace: do not audit capability check when outputing /proc/pid/stat", but
that's probably not suitable for stable due to its dependencies.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
-rw-r--r-- | security/selinux/hooks.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 4c6a34700d49..ad1cb35012af 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1845,7 +1845,7 @@ static int selinux_ptrace_access_check(struct task_struct *child, if (rc) return rc; - if (mode == PTRACE_MODE_READ) { + if (mode & PTRACE_MODE_READ) { u32 sid = current_sid(); u32 csid = task_sid(child); return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL); |