Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Yama: allow access for the current ptrace parent

Under ptrace_scope=1, it's possible to have a tracee that is already
ptrace-attached, but is no longer a direct descendant.  For instance, a
forking daemon will be re-parented to init, losing its ancestry to the
tracer that launched it.

The tracer can continue using ptrace in that state, but it will be
denied other accesses that check PTRACE_MODE_ATTACH, like process_vm_rw
and various procfs files.  There's no reason to prevent such access for
a tracer that already has ptrace control anyway.

This patch adds a case to ptracer_exception_found to allow access for
any task in the same thread group as the current ptrace parent.

Signed-off-by: Josh Stone <jistone@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: James Morris <james.l.morris@oracle.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: linux-security-module@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Josh Stone 8 years ago
parent
9430066a15
commit
50523a29d9
1 changed files with 15 additions and 1 deletions
Unified View Show Diff Stats
  1. 15 1
      security/yama/yama_lsm.c

+ 15 - 1
security/yama/yama_lsm.c
View File 

@@ -309,7 +309,7 @@ static int task_is_descendant(struct task_struct *parent,
 
  * @tracer: the task_struct of the process attempting ptrace
 
  * @tracer: the task_struct of the process attempting ptrace
 
  * @tracee: the task_struct of the process to be ptraced
 
  * @tracee: the task_struct of the process to be ptraced
 
  *
 
  *
 
- * Returns 1 if tracer has is ptracer exception ancestor for tracee.
 
+ * Returns 1 if tracer has a ptracer exception ancestor for tracee.
 
  */
 
  */
 
 static int ptracer_exception_found(struct task_struct *tracer,
 
 static int ptracer_exception_found(struct task_struct *tracer,
 
 				   struct task_struct *tracee)
 
 				   struct task_struct *tracee)
 
@@ -320,6 +320,18 @@ static int ptracer_exception_found(struct task_struct *tracer,
 
 	bool found = false;
 
 	bool found = false;
 
 
 
 	rcu_read_lock();
 
 	rcu_read_lock();
 
+
 
+	/*
 
+	 * If there's already an active tracing relationship, then make an
 
+	 * exception for the sake of other accesses, like process_vm_rw().
 
+	 */
 
+	parent = ptrace_parent(tracee);
 
+	if (parent != NULL && same_thread_group(parent, tracer)) {
 
+		rc = 1;
 
+		goto unlock;
 
+	}
 
+
 
+	/* Look for a PR_SET_PTRACER relationship. */
 
 	if (!thread_group_leader(tracee))
 
 	if (!thread_group_leader(tracee))
 
 		tracee = rcu_dereference(tracee->group_leader);
 
 		tracee = rcu_dereference(tracee->group_leader);
 
 	list_for_each_entry_rcu(relation, &ptracer_relations, node) {
 
 	list_for_each_entry_rcu(relation, &ptracer_relations, node) {
 
@@ -334,6 +346,8 @@ static int ptracer_exception_found(struct task_struct *tracer,
 
 
 
 	if (found && (parent == NULL || task_is_descendant(parent, tracer)))
 
 	if (found && (parent == NULL || task_is_descendant(parent, tracer)))
 
 		rc = 1;
 
 		rc = 1;
 
+
 
+unlock:
 
 	rcu_read_unlock();
 
 	rcu_read_unlock();
 
 
 
 	return rc;
 
 	return rc;