Introduce ENGINE_LSM_TRACE and ENGINE_LSM_TRACE_CAP bits for utrace_unsafe_exec(). These bits should be set when we attach the new engine by user request.
Note: we use engine->flags and task->utrace_flags, this doesn't really matter. The only important point is: somehow utrace_engine should have the security info which we do not currently have. Note!!!!!! The next patches try to convert ptrace-utrace, but ptrace is only used for example. gdbstub or whatever has the same security problems and needs.
---
 kernel/utrace.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
--- RHEL6/kernel/utrace.c~3_ENGINE_LSM_FLAGS 2010-07-06 23:55:14.000000000 +0200
+++ RHEL6/kernel/utrace.c 2010-07-07 00:48:09.000000000 +0200
@@ -460,7 +460,11 @@ static void put_detached_list(struct lis
 */
 #define ENGINE_STOP (1UL << _UTRACE_NEVENTS)
-#define ENGINE_EXTRA_FLAGS (ENGINE_STOP)
+#define ENGINE_LSM_TRACE (1UL << (_UTRACE_NEVENTS + 1))
+#define ENGINE_LSM_TRACE_CAP (1UL << (_UTRACE_NEVENTS + 2))
+#define ENGINE_LSM_MASK (ENGINE_LSM_TRACE | ENGINE_LSM_TRACE_CAP)
+
+#define ENGINE_EXTRA_FLAGS (ENGINE_STOP | ENGINE_LSM_MASK)
 static void mark_engine_wants_stop(struct task_struct *task,
 struct utrace_engine *engine)
@@ -2457,9 +2461,15 @@ int utrace_unsafe_exec(struct task_struc
 {
 int unsafe = 0;
- if (task->ptrace & PT_PTRACE_CAP)
+ if (task->utrace_flags & ENGINE_LSM_TRACE)
+ unsafe = LSM_UNSAFE_PTRACE;
+ else if (task->utrace_flags & ENGINE_LSM_TRACE_CAP)
 unsafe = LSM_UNSAFE_PTRACE_CAP;
- else if (task->ptrace)
+
+ if (task->ptrace & PT_PTRACE_CAP) {
+ if (!unsafe)
+ unsafe = LSM_UNSAFE_PTRACE_CAP;
+ } else if (task->ptrace)
 unsafe = LSM_UNSAFE_PTRACE;
 return unsafe;
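Review bot: The three new ENGINE_LSM_* bits are defined without any comment, although unlike ENGINE_STOP they now feed a security decision at exec time. I would add above them something like `/* Set at attach time when the engine was attached by user request; read by utrace_unsafe_exec() to report LSM_UNSAFE_PTRACE or LSM_UNSAFE_PTRACE_CAP. */`. Because they are folded into ENGINE_EXTRA_FLAGS and this commit tests them in task->utrace_flags, it is worth confirming, in code outside this hunk, that a caller-supplied event mask can neither set nor clear them and that the task-wide flags are recomputed when such an engine detaches.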
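Review bot: The rule for combining the utrace and ptrace results in utrace_unsafe_exec() is left implicit in the ordering of the two if-chains: LSM_UNSAFE_PTRACE from either source wins, and a PT_PTRACE_CAP tracer never relaxes an earlier result. A one-line comment before the second chain would state that, e.g. `/* ptrace may only tighten what utrace reported: an uncapable tracer always yields LSM_UNSAFE_PTRACE */`. As a style point, the new `if (task->ptrace & PT_PTRACE_CAP) {` branch is braced while its `else if` is not; kernel style braces both, `} else if (task->ptrace) {`. Nothing visible in this commit sets the two bits, so the new checks stay inert until the attach path does; the function's closing brace is outside the hunk.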