diff options
| author | Stefan Agner <stefan@agner.ch> | 2016-06-02 12:22:30 -0700 |
|---|---|---|
| committer | Max Krummenacher <max.krummenacher@toradex.com> | 2017-03-15 18:35:46 +0100 |
| commit | 440ef98ad687b210dca17e5c5141b24738f04922 (patch) | |
| tree | 036c3507db3d4250cff096e825fc90897e485a3c /security/commoncap.c | |
| parent | de1c77640710e1cca36091c8e6d7947bff2397e7 (diff) | |
| parent | 648d744eff1aedea4ffe49dfca07aa465669e1f4 (diff) | |
Merge tag 'v4.1.24' into toradex_vf_4.1-next
Linux 4.1.24
Diffstat (limited to 'security/commoncap.c')
| -rw-r--r-- | security/commoncap.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index f2875cd9f677..4cdc8eb8d5d2 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -142,12 +142,17 @@ int cap_ptrace_access_check(struct task_struct *child, unsigned int mode) { int ret = 0; const struct cred *cred, *child_cred; + const kernel_cap_t *caller_caps; rcu_read_lock(); cred = current_cred(); child_cred = __task_cred(child); + if (mode & PTRACE_MODE_FSCREDS) + caller_caps = &cred->cap_effective; + else + caller_caps = &cred->cap_permitted; if (cred->user_ns == child_cred->user_ns && - cap_issubset(child_cred->cap_permitted, cred->cap_permitted)) + cap_issubset(child_cred->cap_permitted, *caller_caps)) goto out; if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE)) goto out; |