subject:"\[PATCH v1 1\/2\] ptrace\: Set PF_SUPERPRIV when checking capability"

Re: [PATCH v1 1/2] ptrace: Set PF_SUPERPRIV when checking capability

2020-10-30 Thread Jann Horn

On Fri, Oct 30, 2020 at 5:06 PM Mickaël Salaün wrote: > On 30/10/2020 16:47, Jann Horn wrote: > > On Fri, Oct 30, 2020 at 1:39 PM Mickaël Salaün wrote: > >> Commit 69f594a38967 ("ptrace: do not audit capability check when outputing > >> /proc/pid/stat") replaced the use of ns_capable() with > >>

Re: [PATCH v1 1/2] ptrace: Set PF_SUPERPRIV when checking capability

2020-10-30 Thread Mickaël Salaün

On 30/10/2020 16:47, Jann Horn wrote: > On Fri, Oct 30, 2020 at 1:39 PM Mickaël Salaün wrote: >> Commit 69f594a38967 ("ptrace: do not audit capability check when outputing >> /proc/pid/stat") replaced the use of ns_capable() with >> has_ns_capability{,_noaudit}() which doesn't set PF_SUPERPRIV.

Re: [PATCH v1 1/2] ptrace: Set PF_SUPERPRIV when checking capability

2020-10-30 Thread Jann Horn

On Fri, Oct 30, 2020 at 1:39 PM Mickaël Salaün wrote: > Commit 69f594a38967 ("ptrace: do not audit capability check when outputing > /proc/pid/stat") replaced the use of ns_capable() with > has_ns_capability{,_noaudit}() which doesn't set PF_SUPERPRIV. > > Commit 6b3ad6649a4c ("ptrace:

[PATCH v1 1/2] ptrace: Set PF_SUPERPRIV when checking capability

2020-10-30 Thread Mickaël Salaün

From: Mickaël Salaün Commit 69f594a38967 ("ptrace: do not audit capability check when outputing /proc/pid/stat") replaced the use of ns_capable() with has_ns_capability{,_noaudit}() which doesn't set PF_SUPERPRIV. Commit 6b3ad6649a4c ("ptrace: reintroduce usage of subjective credentials in