exec: Test the ptracer's saved cred to see if the tracee can gain caps

Now that we have user namespaces and non-global capabilities verify the tracer has capabilities in the relevant user namespace instead of in the current_user_ns(). As the test for setting LSM_UNSAFE_PTRACE_CAP is currently ptracer_capable(p, current_user_ns()) and the new task credentials are in current_user_ns() this change does not have any user visible change and simply moves the test to where it is used, making the code easier to read. Signed-off-by: N "Eric W. Biederman" <ebiederm@xmission.com>

exec: Test the ptracer's saved cred to see if the tracee can gain caps
Now that we have user namespaces and non-global capabilities verify the tracer has capabilities in the relevant user namespace instead of in the current_user_ns(). As the test for setting LSM_UNSAFE_PTRACE_CAP is currently ptracer_capable(p, current_user_ns()) and the new task credentials are in current_user_ns() this change does not have any user visible change and simply moves the test to where it is used, making the code easier to read. Signed-off-by: N "Eric W. Biederman" <ebiederm@xmission.com>
20523132 · Eric W. Biederman · 70169420 · 20523132
显示空白变更内容
内联并排

Showing with 2 addition and 1 deletion

security/commoncap.c security/commoncap.c +2 -1

未找到文件。
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -548,7 +548,8 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)

 	if ((is_setid ||
 	     !cap_issubset(new->cap_permitted, old->cap_permitted)) &&
-	    bprm->unsafe & ~LSM_UNSAFE_PTRACE_CAP) {
+	    ((bprm->unsafe & ~(LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) ||
+	     !ptracer_capable(current, new->user_ns))) {
 		/* downgrade; they get no more than they had, and maybe less */
 		if (!ns_capable(new->user_ns, CAP_SETUID) ||
 		    (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)) {