[PATCH] UBUNTU: SAUCE: ptrace: restrict ptrace scope to children
Kees Cook
kees.cook at canonical.com
Wed May 26 20:50:15 UTC 2010
Hi Chase,
On Wed, May 26, 2010 at 04:15:25PM -0400, Chase Douglas wrote:
> > + if (ptrace_scope && !capable(CAP_SYS_PTRACE)) {
> > + /* require ptrace target be a child of ptracer */
> > + struct task_struct *tmp = task;
> > + struct task_struct *curtemp = current;
>
> Why create a new variable just to store current? I think it would be
> more readable to just use current where you use curtemp. I don't think
> current should change from under you when you're here.
>
> > + int rc = 0;
> > +
> > + read_lock(&tasklist_lock);
> > + while (tmp->pid > 0) {
> > + if (tmp == curtemp)
> > + break;
> > + tmp = tmp->parent;
> > + }
> > + if (tmp->pid == 0)
> > + rc = -EPERM;
> > + read_unlock(&tasklist_lock);
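
Review bot: the ancestry walk at `tmp = tmp->parent` follows the ptrace-adjusted parent link rather than the task's real parent. While a task is being traced, `parent` points at its tracer, so the chain walked here can pass through a debugger instead of the process that actually forked the target, and the loop no longer checks what the comment says ("require ptrace target be a child of ptracer"). Walking `tmp->real_parent` would keep the check tied to true ancestry. Separately, `tmp == curtemp` compares individual tasks, so a tracer thread other than the one that forked the target will not match; if whole-process ancestry is intended, compare thread group leaders instead.
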
That's a fair point -- I guess we're under lock the entire time. I'd be
fine to change it if other people agree it's safe looking.
-Kees
--
Kees Cook
Ubuntu Security Team