Commit | Line | Data |
---|---|---|
742fedfb GKH |
1 | From 9474f4e7cd71a633fa1ef93b7daefd44bbdfd482 Mon Sep 17 00:00:00 2001 |
2 | From: Kees Cook <keescook@chromium.org> | |
3 | Date: Wed, 16 Jan 2019 10:31:09 -0800 | |
4 | Subject: Yama: Check for pid death before checking ancestry | |
5 | ||
6 | From: Kees Cook <keescook@chromium.org> | |
7 | ||
8 | commit 9474f4e7cd71a633fa1ef93b7daefd44bbdfd482 upstream. | |
9 | ||
10 | It's possible that a pid has died before we take the rcu lock, in which | |
11 | case we can't walk the ancestry list as it may be detached. Instead, check | |
12 | for death first before doing the walk. | |
13 | ||
14 | Reported-by: syzbot+a9ac39bf55329e206219@syzkaller.appspotmail.com | |
15 | Fixes: 2d514487faf1 ("security: Yama LSM") | |
16 | Cc: stable@vger.kernel.org | |
17 | Suggested-by: Oleg Nesterov <oleg@redhat.com> | |
18 | Signed-off-by: Kees Cook <keescook@chromium.org> | |
19 | Signed-off-by: James Morris <james.morris@microsoft.com> | |
20 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
21 | ||
22 | --- | |
23 | security/yama/yama_lsm.c | 4 +++- | |
24 | 1 file changed, 3 insertions(+), 1 deletion(-) | |
25 | ||
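--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -288,7 +288,9 @@ static int yama_ptrace_access_check(stru
 break;
 case YAMA_SCOPE_RELATIONAL:
 rcu_read_lock();
- if (!task_is_descendant(current, child) &&
+ if (!pid_alive(child))
+ rc = -EPERM;
+ if (!rc && !task_is_descendant(current, child) &&
 !ptracer_exception_found(current, child) &&
 !ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE))
 rc = -EPERM;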
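Review bot: The `pid_alive(child)` test added after `rcu_read_lock()` has no comment saying why it must come before `task_is_descendant()`, so the rationale lives only in the commit message. A one-line comment above it, such as `/* A dead child may already be detached from the ancestry list; refuse before walking it. */`, would keep a later cleanup from folding the check back into the ancestry condition or moving it outside the RCU read section. The enclosing switch and the rest of yama_ptrace_access_check lie outside the hunk, so it is not visible here whether `rc` can already be non-zero when the `!rc &&` guard is evaluated. If other callers of `task_is_descendant()` can pass a task that may have exited, placing the liveness check inside that helper would cover them as well.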