summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorCasey Schaufler <casey.schaufler@intel.com>2018-09-18 16:09:16 -0700
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2018-11-13 11:08:36 -0800
commit7a478552b563d7c66525c2d6274bb9f1e030d6db (patch)
tree9103d9be8145f0289288660ea85471f79a0b8011 /security
parenteb4a3faebfd113482ea3c266f7d30e13f7d56848 (diff)
downloadlinux-stable-7a478552b563d7c66525c2d6274bb9f1e030d6db.tar.gz
linux-stable-7a478552b563d7c66525c2d6274bb9f1e030d6db.tar.bz2
linux-stable-7a478552b563d7c66525c2d6274bb9f1e030d6db.zip
Smack: ptrace capability use fixes
[ Upstream commit dcb569cf6ac99ca899b8109c128b6ae52477a015 ] This fixes a pair of problems in the Smack ptrace checks related to checking capabilities. In both cases, as reported by Lukasz Pawelczyk, the raw capability calls are used rather than the Smack wrapper that check addition restrictions. In one case, as reported by Jann Horn, the wrong task is being checked for capabilities. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'security')
-rw-r--r--security/smack/smack_lsm.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 340fc30ad85d..70d3066e69fe 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -421,6 +421,7 @@ static int smk_ptrace_rule_check(struct task_struct *tracer,
struct smk_audit_info ad, *saip = NULL;
struct task_smack *tsp;
struct smack_known *tracer_known;
+ const struct cred *tracercred;
if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
@@ -429,7 +430,8 @@ static int smk_ptrace_rule_check(struct task_struct *tracer,
}
rcu_read_lock();
- tsp = __task_cred(tracer)->security;
+ tracercred = __task_cred(tracer);
+ tsp = tracercred->security;
tracer_known = smk_of_task(tsp);
if ((mode & PTRACE_MODE_ATTACH) &&
@@ -439,7 +441,7 @@ static int smk_ptrace_rule_check(struct task_struct *tracer,
rc = 0;
else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
rc = -EACCES;
- else if (capable(CAP_SYS_PTRACE))
+ else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
rc = 0;
else
rc = -EACCES;
@@ -1841,6 +1843,7 @@ static int smack_file_send_sigiotask(struct task_struct *tsk,
{
struct smack_known *skp;
struct smack_known *tkp = smk_of_task(tsk->cred->security);
+ const struct cred *tcred;
struct file *file;
int rc;
struct smk_audit_info ad;
@@ -1854,8 +1857,12 @@ static int smack_file_send_sigiotask(struct task_struct *tsk,
skp = file->f_security;
rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
- if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
+
+ rcu_read_lock();
+ tcred = __task_cred(tsk);
+ if (rc != 0 && smack_privileged_cred(CAP_MAC_OVERRIDE, tcred))
rc = 0;
+ rcu_read_unlock();
smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
smk_ad_setfield_u_tsk(&ad, tsk);