Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5b07c2d2 authored by Daniel Mentz's avatar Daniel Mentz
Browse files

Revert "ANDROID: proc: smaps: Allow smaps access for CAP_SYS_RESOURCE" 



This reverts commit ff8b8081.

This fixes CVE-2017-0710.

SELinux allows more fine grained control: We grant processes that need
access to smaps CAP_SYS_PTRACE but prohibit them from using ptrace
attach().

Bug: 34951864
Bug: 36468447
Change-Id: I00a513188245a30bc63dcbdafbb9746bc6d9d6ff
Signed-off-by: default avatarDaniel Mentz <danielmentz@google.com>
parent 14accea7

kernel/fork.c

+1 −2
Original line number Diff line number Diff line
@@ -1010,8 +1010,7 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) 


	mm = get_task_mm(task);

	if (mm && mm != current->mm &&

			!ptrace_may_access(task, mode) &&

			!capable(CAP_SYS_RESOURCE)) {

			!ptrace_may_access(task, mode)) {

		mmput(mm);

		mm = ERR_PTR(-EACCES);

	}