author: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com> 2014-03-11 20:07:05 +0400
committer: Casey Schaufler <casey@schaufler-ca.com> 2014-04-12 01:34:26 +0400
commit: 5663884caab166f87ab8c68ec7c62b1cce85a400
tree: a106c1314669cbe6809f2b327395f0d37167b10f /Documentation/security
parent: 959e6c7f1eee42f14d31755b1134f5615db1d9bc
Smack: unify all ptrace accesses in the smack

The decision whether we can trace a process is made in the following
functions:
	smack_ptrace_traceme()
	smack_ptrace_access_check()
	smack_bprm_set_creds() (in case the process is traced)

This patch unifies all those decisions by introducing one function that
checks whether ptrace is allowed: smk_ptrace_rule_check().

This makes it possible to actually trace with TRACEME where first the
TRACEME itself must be allowed and then exec() on a traced process.

Additional bugs fixed:
- The decision is made according to the mode parameter that is now
  correctly translated from PTRACE_MODE_* to MAY_* instead of being
  treated 1:1.
  PTRACE_MODE_READ requires MAY_READ.
  PTRACE_MODE_ATTACH requires MAY_READWRITE.
- Add a smack audit log in case of exec() refused by bprm_set_creds().
- Honor the PTRACE_MODE_NOAUDIT flag and don't put smack audit info
  in case this flag is set.

Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Diffstat (limited to 'Documentation/security')
0 files changed, 0 insertions, 0 deletions