Re: [PATCH 2/2] CRED: Guard the setprocattr security hook againstptrace

From: James Morris
Date: Sun May 10 2009 - 18:39:56 EST


On Fri, 8 May 2009, David Howells wrote:

> Guard the setprocattr security hook against ptrace by taking the target task's
> cred_guard_mutex around it. The problem is that setprocattr() may otherwise
> note the lack of a debugger, and then perform an action on that basis whilst
> letting a debugger attach between the two points. Holding cred_guard_mutex
> across the test and the action prevents ptrace_attach() from doing that.
>
> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>

Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next

--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/