Introduce ENGINE_LSM_TRACE and ENGINE_LSM_TRACE_CAP bits for
utrace_unsafe_exec(). These bits should be set when we attach the
new engine by user request.

Note: we use engine->flags and task->utrace_flags, this doesn't
really matter. The only important point is: somehow utrace_engine
should have the security info which we do not currently have.

Note!!!!!! The next patches try to convert ptrace-utrace, but
ptrace is only used for example. gdbstub or whatever has the same
security problems and needs.

---

 kernel/utrace.c |   16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

--- RHEL6/kernel/utrace.c~3_ENGINE_LSM_FLAGS    2010-07-06 23:55:14.000000000 +0200
+++ RHEL6/kernel/utrace.c       2010-07-07 00:48:09.000000000 +0200
@@ -460,7 +460,11 @@ static void put_detached_list(struct lis
  */
 #define ENGINE_STOP            (1UL << _UTRACE_NEVENTS)
 
-#define ENGINE_EXTRA_FLAGS     (ENGINE_STOP)
+#define ENGINE_LSM_TRACE       (1UL << (_UTRACE_NEVENTS + 1))
+#define ENGINE_LSM_TRACE_CAP   (1UL << (_UTRACE_NEVENTS + 2))
+#define ENGINE_LSM_MASK                (ENGINE_LSM_TRACE | ENGINE_LSM_TRACE_CAP)
+
+#define ENGINE_EXTRA_FLAGS     (ENGINE_STOP | ENGINE_LSM_MASK)
 
 static void mark_engine_wants_stop(struct task_struct *task,
                                   struct utrace_engine *engine)
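Review bot: ENGINE_LSM_TRACE and ENGINE_LSM_TRACE_CAP carry the tracer's security state rather than event or stop state, but they are defined without a comment, and the comment block that closes just above ENGINE_STOP begins outside the hunk, so it may not cover them. I would add a line above ENGINE_LSM_TRACE such as `/* Tracer security context, set at attach; consumed by utrace_unsafe_exec(). */`. Since the bits sit at `_UTRACE_NEVENTS + 1` and `+ 2`, a compile-time guard like `BUILD_BUG_ON(_UTRACE_NEVENTS + 2 >= BITS_PER_LONG);` in an init path would catch a future event addition pushing them out of the flags word. The hunk also does not show how ENGINE_EXTRA_FLAGS is consumed, so it is worth confirming that the LSM bits are cleared from task->utrace_flags once the engine that set them detaches.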
@@ -2457,9 +2461,15 @@ int utrace_unsafe_exec(struct task_struc
 {
        int unsafe = 0;
 
-       if (task->ptrace & PT_PTRACE_CAP)
+       if (task->utrace_flags & ENGINE_LSM_TRACE)
+               unsafe = LSM_UNSAFE_PTRACE;
+       else if (task->utrace_flags & ENGINE_LSM_TRACE_CAP)
                unsafe = LSM_UNSAFE_PTRACE_CAP;
-       else if (task->ptrace)
+
+       if (task->ptrace & PT_PTRACE_CAP) {
+               if (!unsafe)
+                       unsafe = LSM_UNSAFE_PTRACE_CAP;
+       } else if (task->ptrace)
                unsafe = LSM_UNSAFE_PTRACE;
 
        return unsafe;
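Review bot: The rule that an unprivileged tracer must win over a capable one is enforced here only implicitly, by testing ENGINE_LSM_TRACE first and by the asymmetric `if (!unsafe)` guard in the PT_PTRACE_CAP arm. A later edit that reorders these tests could silently downgrade LSM_UNSAFE_PTRACE to LSM_UNSAFE_PTRACE_CAP. A comment above the first test would pin the intent, for example `/* Least-privileged tracer decides: report _CAP only if no tracer lacks the capability. */`. Kernel style also asks for braces on every arm once one arm has them, so the last branch should read `} else if (task->ptrace) {` with a closing brace after the assignment. The signature and opening of utrace_unsafe_exec() lie outside the hunk, so whether task->utrace_flags is read under a lock that excludes a concurrent attach cannot be judged from here.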
