[PATCH][SELINUX] Retain ptracer SID across fork

From: Stephen Smalley
Date: Fri Oct 08 2004 - 10:23:45 EST


This patch against 2.6.9-rc3-mm3 fixes a bug in SELinux to retain the
ptracer SID (if any) across fork. Otherwise, SELinux will always deny
attempts by traced children to exec domain-changing programs even if the
policy would have allowed the tracer to trace the new domains as well.
Please apply.

Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxxx>
Signed-off-by: James Morris <jmorris@xxxxxxxxxx>

security/selinux/hooks.c | 5 +++++
1 files changed, 5 insertions(+)

diff -X /home/sds/dontdiff -rup linux-2.6.9-rc3-mm3/security/selinux/hooks.c linux-2.6.9-rc3-mm3-ptrace/security/selinux/hooks.c
--- linux-2.6.9-rc3-mm3/security/selinux/hooks.c 2004-10-08 09:16:48.000000000 -0400
+++ linux-2.6.9-rc3-mm3-ptrace/security/selinux/hooks.c 2004-10-08 09:44:51.705623352 -0400
@@ -2622,6 +2622,11 @@ static int selinux_task_alloc_security(s
tsec2->exec_sid = tsec1->exec_sid;
tsec2->create_sid = tsec1->create_sid;

+ /* Retain ptracer SID across fork, if any.
+ This will be reset by the ptrace hook upon any
+ subsequent ptrace_attach operations. */
+ tsec2->ptrace_sid = tsec1->ptrace_sid;
+
return 0;
}
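Review bot: The new assignment `tsec2->ptrace_sid = tsec1->ptrace_sid;` in selinux_task_alloc_security() is unconditional, so every forked child inherits the parent's ptracer SID, whether or not the tracer goes on tracing that child. The added comment covers only the reset on a later ptrace_attach. It does not say what clears the value when the child is never traced or when the tracer detaches. Either make the copy conditional on the child actually being traced at fork time, or extend the comment to name the place where a stale ptrace_sid is cleared, so that a later exec check does not consult the SID of a tracer that is no longer attached.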


--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
