Message ID | 87pomlm68e.fsf@xmission.com |
---|---|
State | New |
Series | "mm: Add a user_ns owner to mm_struct and fix ptrace permission checks" |
Headers | show |
diff --git a/kernel/ptrace.c b/kernel/ptrace.c index 44a25a1e6e83..b53983ee3f03 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c @@ -272,7 +272,7 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode) ok: rcu_read_unlock(); mm = task->mm; - if (mm && + if (!mm || ((get_dumpable(mm) != SUID_DUMP_USER) && !ptrace_has_cap(mm->user_ns, mode))) return -EPERM;
On Thu, Oct 27, 2016 at 11:45:37PM -0500, Eric W. Biederman wrote: > > Mind if I add your tested-by? > > To see Linus's tree fail with my patch you can apply the patch below. > That is the essence of what I changed to fix things. Just ignoring > dumpable when an mm exists. Tested-by: Cyrill Gorcunov <gorcunov@openvz.org> Thanks a huge!