[pull,request,natty,maverick] fix PR_SET_PTRACER

Submitted by Kees Cook on March 8, 2011, 2:41 a.m.

Details

Message ID 20110308024150.GA1681@outflux.net
State New
Headers show

Pull-request

git://kernel.ubuntu.com/kees/ubuntu-natty.git master

Commit Message

Kees Cook March 8, 2011, 2:41 a.m.
This should be applied to both natty and maverick, please. It fixes a bug
in the ptrace restrictions that the Firefox folks uncovered.

The following changes since commit 38eeba0187c013657e563b2a82f8ca384e0bb26c:

  UBUNTU: Ubuntu-2.6.38-6.33 (2011-03-07 15:33:35 +0000)

are available in the git repository at:
  git://kernel.ubuntu.com/kees/ubuntu-natty.git master

Kees Cook (1):
      Yama: use thread group leader when creating match

 security/yama/yama_lsm.c |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

Comments

Tim Gardner March 8, 2011, 2:23 p.m.
On 03/08/2011 02:41 AM, Kees Cook wrote:
> git://kernel.ubuntu.com/kees/ubuntu-natty.git master

Applied to Natty.

For Maverick:

Acked-by: Tim Gardner <tim.gardner@canonical.com>
Stefan Bader March 10, 2011, 8:41 a.m.
On 03/08/2011 03:41 AM, Kees Cook wrote:
> git://kernel.ubuntu.com/kees/ubuntu-natty.git master
> 

Just for completeness, was this the previous patch that the description is
referring to?

commit 86266876b885a6f08668f39688e68a05f6bfac3c
Author: Kees Cook <kees.cook@canonical.com>
Date:   Tue Jul 13 09:04:08 2010 -0700

    UBUNTU: SAUCE: Yama: search for PTRACE exceptions via thread group leader

    When looking for PTRACE exceptions, the thread group leader must be used
    otherwise the exceptions can be missed for threaded processes.

Otherwise looks ok.

Acked-by: Stefan Bader <stefan.bader@canonical.com>
Stefan Bader March 10, 2011, 9:12 a.m.
Applied and pushed to Maverick master-next
Kees Cook March 10, 2011, 2:59 p.m.
Hi Stefan,

On Thu, Mar 10, 2011 at 09:41:13AM +0100, Stefan Bader wrote:
> On 03/08/2011 03:41 AM, Kees Cook wrote:
> > git://kernel.ubuntu.com/kees/ubuntu-natty.git master
> > 
> 
> Just for completeness, was this the previous patch that the description is
> referring to?
> 
> commit 86266876b885a6f08668f39688e68a05f6bfac3c
> Author: Kees Cook <kees.cook@canonical.com>
> Date:   Tue Jul 13 09:04:08 2010 -0700
> 
>     UBUNTU: SAUCE: Yama: search for PTRACE exceptions via thread group leader
> 
>     When looking for PTRACE exceptions, the thread group leader must be used
>     otherwise the exceptions can be missed for threaded processes.
> 
> Otherwise looks ok.

Yeah, that's the one.

> Acked-by: Stefan Bader <stefan.bader@canonical.com>

Thanks!

-Kees