Revert "proc: smaps: Allow smaps access for CAP_SYS_RESOURCE"

This reverts commit 9d19f72b43.

This fixes CVE-2017-0710.

SELinux allows more fine grained control: We grant processes that need
access to smaps CAP_SYS_PTRACE but prohibit them from using ptrace
attach().

Bug: 34951864
Bug: 36468447
Change-Id: I8ea67f8771ec212950bc251ee750bd8a7e7c0643
Signed-off-by: Daniel Mentz <danielmentz@google.com>
Daniel Mentz
2017-07-07 11:27:31 -07:00
committed by Amit Pundir
parent cbfeb013a6
commit d09bf7f8c7

@@ -827,8 +827,7 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
mm = get_task_mm(task);
if (mm && mm != current->mm &&
!ptrace_may_access(task, mode) &&
!capable(CAP_SYS_RESOURCE)) {
!ptrace_may_access(task, mode)) {
mmput(mm);
mm = ERR_PTR(-EACCES);
}
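
Review bot: The removed !capable(CAP_SYS_RESOURCE) term in the if condition of mm_access() never looked at task or mode, so it let any CAP_SYS_RESOURCE holder skip ptrace_may_access() for every caller of this function, not only the smaps path named in the subject; the commit message should say so, since that is what makes the revert a security fix. With the term gone, a reader that holds only CAP_SYS_RESOURCE now gets -EACCES at this check, so the message should also reference the SELinux policy change that grants CAP_SYS_PTRACE to the processes that need smaps, and that policy change needs to land no later than this revert.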