projects
/
firefly-linux-kernel-4.4.55.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge tag 'v4.4.42' into linux-linaro-lsk-v4.4
[firefly-linux-kernel-4.4.55.git]
/
security
/
commoncap.c
diff --git
a/security/commoncap.c
b/security/commoncap.c
index 1832cf701c3d6d44d90adeb278bd04bca489d274..48071ed7c445d025fa4ae57c12f032bfa916521f 100644
(file)
--- a/
security/commoncap.c
+++ b/
security/commoncap.c
@@
-137,12
+137,17
@@
int cap_ptrace_access_check(struct task_struct *child, unsigned int mode)
{
int ret = 0;
const struct cred *cred, *child_cred;
{
int ret = 0;
const struct cred *cred, *child_cred;
+ const kernel_cap_t *caller_caps;
rcu_read_lock();
cred = current_cred();
child_cred = __task_cred(child);
rcu_read_lock();
cred = current_cred();
child_cred = __task_cred(child);
+ if (mode & PTRACE_MODE_FSCREDS)
+ caller_caps = &cred->cap_effective;
+ else
+ caller_caps = &cred->cap_permitted;
if (cred->user_ns == child_cred->user_ns &&
if (cred->user_ns == child_cred->user_ns &&
- cap_issubset(child_cred->cap_permitted,
cred->cap_permitted
))
+ cap_issubset(child_cred->cap_permitted,
*caller_caps
))
goto out;
if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE))
goto out;
goto out;
if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE))
goto out;