Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 51775fe7 authored by Oleg Nesterov's avatar Oleg Nesterov Committed by John Johansen
Browse files

apparmor: remove the "task" arg from may_change_ptraced_domain() 



Unless task == current ptrace_parent(task) is not safe even under
rcu_read_lock() and most of the current users are not right.

So may_change_ptraced_domain(task) looks wrong as well. However it
is always called with task == current so the code is actually fine.
Remove this argument to make this fact clear.

Note: perhaps we should simply kill ptrace_parent(), it buys almost
nothing. And it is obviously racy, perhaps this should be fixed.

Signed-off-by: default avatarOleg Nesterov <oleg@redhat.com>
Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
parent 4a7fc301

security/apparmor/domain.c

+6 −8
Original line number Diff line number Diff line
@@ -50,23 +50,21 @@ void aa_free_domain_entries(struct aa_domain *domain) 


/**

 * may_change_ptraced_domain - check if can change profile on ptraced task

 * @task: task we want to change profile of   (NOT NULL)

 * @to_profile: profile to change to  (NOT NULL)

 *

 * Check if the task is ptraced and if so if the tracing task is allowed

 * Check if current is ptraced and if so if the tracing task is allowed

 * to trace the new domain

 *

 * Returns: %0 or error if change not allowed

 */

static int may_change_ptraced_domain(struct task_struct *task,

				     struct aa_profile *to_profile)

static int may_change_ptraced_domain(struct aa_profile *to_profile)

{

	struct task_struct *tracer;

	struct aa_profile *tracerp = NULL;

	int error = 0;



	rcu_read_lock();

	tracer = ptrace_parent(task);

	tracer = ptrace_parent(current);

	if (tracer)

		/* released below */

		tracerp = aa_get_task_profile(tracer);
@@ -477,7 +475,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) 
	}



	if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {

		error = may_change_ptraced_domain(current, new_profile);

		error = may_change_ptraced_domain(new_profile);

		if (error) {

			aa_put_profile(new_profile);

			goto audit;
@@ -690,7 +688,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest) 
			}

		}



		error = may_change_ptraced_domain(current, hat);

		error = may_change_ptraced_domain(hat);

		if (error) {

			info = "ptraced";

			error = -EPERM;
@@ -829,7 +827,7 @@ int aa_change_profile(const char *ns_name, const char *hname, bool onexec, 
	}



	/* check if tracing task is allowed to trace target domain */

	error = may_change_ptraced_domain(current, target);

	error = may_change_ptraced_domain(target);

	if (error) {

		info = "ptrace prevents transition";

		goto audit;