diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2017-01-23 17:17:26 +1300 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2017-01-24 12:03:08 +1300 |
commit | 20523132ec5d1b481e1d66557292ed3a3021e817 (patch) | |
tree | 9f34d81fd0c96881c8d66413184b5f736e6f626c | |
parent | 70169420f555210147f3cab74bb0f6debd488bdb (diff) | |
download | lwn-20523132ec5d1b481e1d66557292ed3a3021e817.tar.gz lwn-20523132ec5d1b481e1d66557292ed3a3021e817.zip |
exec: Test the ptracer's saved cred to see if the tracee can gain caps
Now that we have user namespaces and non-global capabilities verify
the tracer has capabilities in the relevant user namespace instead
of in the current_user_ns().
As the test for setting LSM_UNSAFE_PTRACE_CAP is currently
ptracer_capable(p, current_user_ns()) and the new task credentials are
in current_user_ns() this change does not have any user visible change
and simply moves the test to where it is used, making the code easier
to read.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
-rw-r--r-- | security/commoncap.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index feb6044f701d..cbb203c91406 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -548,7 +548,8 @@ skip: if ((is_setid || !cap_issubset(new->cap_permitted, old->cap_permitted)) && - bprm->unsafe & ~LSM_UNSAFE_PTRACE_CAP) { + ((bprm->unsafe & ~(LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) || + !ptracer_capable(current, new->user_ns))) { /* downgrade; they get no more than they had, and maybe less */ if (!ns_capable(new->user_ns, CAP_SETUID) || (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)) { |