[6/9] ptrace: warn on ptrace_may_access without proper locking
diff mbox

Message ID 1474211117-16674-7-git-send-email-jann@thejh.net
State New
Headers show

Commit Message

Jann Horn Sept. 18, 2016, 3:05 p.m. UTC
If neither of those locks is taken during a ptrace_may_access() call, that
is a strong indicator for a security bug where post-execve process
properties can be leaked by racing with execve().

Signed-off-by: Jann Horn <jann@thejh.net>
 kernel/ptrace.c | 3 +++
 1 file changed, 3 insertions(+)

diff mbox

diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index dc7594a..b311ca5 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -224,6 +224,9 @@  static int __ptrace_may_access(struct task_struct *task, unsigned int mode,
 	kuid_t caller_uid;
 	kgid_t caller_gid;
+	WARN_ON(!mutex_is_locked(&task->signal->cred_guard_mutex) &&
+		!mutex_is_locked(&task->signal->cred_guard_light));
 	if (!(mode & PTRACE_MODE_FSCREDS) == !(mode & PTRACE_MODE_REALCREDS)) {
 		WARN(1, "denying ptrace access check without PTRACE_MODE_*CREDS\n");
 		return -EPERM;