diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2017-01-23 05:26:31 +0100 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2017-01-24 00:03:08 +0100 |
commit | 9227dd2a84a765fcfef1677ff17de0958b192eda (patch) | |
tree | 8dc953fa3145922b6db30c8ebf9f34ff018bde5b /security | |
parent | exec: Test the ptracer's saved cred to see if the tracee can gain caps (diff) | |
download | linux-9227dd2a84a765fcfef1677ff17de0958b192eda.tar.xz linux-9227dd2a84a765fcfef1677ff17de0958b192eda.zip |
exec: Remove LSM_UNSAFE_PTRACE_CAP
With previous changes every location that tests for
LSM_UNSAFE_PTRACE_CAP also tests for LSM_UNSAFE_PTRACE making the
LSM_UNSAFE_PTRACE_CAP redundant, so remove it.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/domain.c | 2 | ||||
-rw-r--r-- | security/commoncap.c | 2 | ||||
-rw-r--r-- | security/selinux/hooks.c | 3 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 2 |
4 files changed, 4 insertions, 5 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index a4d90aa1045a..04185b7fd38a 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -469,7 +469,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) ; } - if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { + if (bprm->unsafe & LSM_UNSAFE_PTRACE) { error = may_change_ptraced_domain(new_profile); if (error) goto audit; diff --git a/security/commoncap.c b/security/commoncap.c index cbb203c91406..8ec6b7fe909e 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -548,7 +548,7 @@ skip: if ((is_setid || !cap_issubset(new->cap_permitted, old->cap_permitted)) && - ((bprm->unsafe & ~(LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) || + ((bprm->unsafe & ~LSM_UNSAFE_PTRACE) || !ptracer_capable(current, new->user_ns))) { /* downgrade; they get no more than they had, and maybe less */ if (!ns_capable(new->user_ns, CAP_SETUID) || diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index c7c6619431d5..cece6fe55f02 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2404,8 +2404,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) /* Make sure that anyone attempting to ptrace over a task that * changes its SID has the appropriate permit */ - if (bprm->unsafe & - (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { + if (bprm->unsafe & LSM_UNSAFE_PTRACE) { u32 ptsid = ptrace_parent_sid(current); if (ptsid != 0) { rc = avc_has_perm(ptsid, new_tsec->sid, diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 94dc9d406ce3..bc2ff09f1494 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -934,7 +934,7 @@ static int smack_bprm_set_creds(struct linux_binprm *bprm) isp->smk_task != sbsp->smk_root) return 0; - if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { + if (bprm->unsafe & LSM_UNSAFE_PTRACE) { struct task_struct *tracer; rc = 0; |