[PATCH 3.2 89/94] security: Fix mode test in selinux_ptrace_access_check()
From: Ben Hutchings
Date: Thu Dec 28 2017 - 13:26:39 EST
3.2.97-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
Commit 1c8d42255f4c "ptrace: use fsuid, fsgid, effective creds for fs access
checks" added flags to the ptrace mode which need to be ignored here.
This change was made upstream in 3.3 as part of commit 69f594a38967
"ptrace: do not audit capability check when outputing /proc/pid/stat", but
that's probably not suitable for stable due to its dependencies.
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1845,7 +1845,7 @@ static int selinux_ptrace_access_check(s
if (rc)
return rc;
- if (mode == PTRACE_MODE_READ) {
+ if (mode & PTRACE_MODE_READ) {
u32 sid = current_sid();
u32 csid = task_sid(child);
return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);