[PATCH] UBUNTU: SAUCE: ptrace: restrict ptrace scope to children

Kees Cook kees.cook at canonical.com
Wed May 26 20:50:15 UTC 2010


Hi Chase,

On Wed, May 26, 2010 at 04:15:25PM -0400, Chase Douglas wrote:
> > +	if (ptrace_scope && !capable(CAP_SYS_PTRACE)) {
> > +		/* require ptrace target be a child of ptracer */
> > +		struct task_struct *tmp = task;
> > +		struct task_struct *curtemp = current;
> 
> Why create a new variable just to store current? I think it would be
> more readable to just use current where you use curtemp. I don't think
> current should change from under you when you're here.
> 
> > +		int rc = 0;
> > +
> > +		read_lock(&tasklist_lock);
> > +		while (tmp->pid > 0) {
> > +			if (tmp == curtemp)
> > +				break;
> > +			tmp = tmp->parent;
> > +		}
> > +		if (tmp->pid == 0)
> > +			rc = -EPERM;
> > +		read_unlock(&tasklist_lock);

That's a fair point -- I guess we're under lock the entire time.  I'd be
fine to change it if other people agree it's safe looking.

-Kees

-- 
Kees Cook
Ubuntu Security Team




More information about the kernel-team mailing list