CRED: Guard the setprocattr security hook against ptrace
authorDavid Howells <dhowells@redhat.com>
Fri, 8 May 2009 12:55:27 +0000 (13:55 +0100)
committerJames Morris <jmorris@namei.org>
Sun, 10 May 2009 22:15:39 +0000 (08:15 +1000)
commit107db7c7dd137aeb7361b8c2606ac936c0be58ff
tree7e8e024bbed52ac111a0b2ac878da1a95752c28b
parent5e751e992f3fb08ba35e1ca8095ec8fbf9eda523
CRED: Guard the setprocattr security hook against ptrace

Guard the setprocattr security hook against ptrace by taking the target task's
cred_guard_mutex around it.  The problem is that setprocattr() may otherwise
note the lack of a debugger, and then perform an action on that basis whilst
letting a debugger attach between the two points.  Holding cred_guard_mutex
across the test and the action prevents ptrace_attach() from doing that.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
fs/proc/base.c