[Fedora 12/19] ptrace: Do not allow ptrace() from unsigned process to signed one
Matthew Garrett
matthew.garrett at nebula.com
Wed Sep 4 21:42:34 UTC 2013
On Wed, 2013-09-04 at 17:24 -0400, Vivek Goyal wrote:
Doesn't this:
> + if (!ptraced_by_unsafe_tracer())
> + bprm->cred->proc_signed = true;
race with this if the attacker is able to run between the check and
proc_signed being set to true?
> + if (mode != PTRACE_MODE_READ && child_cred->proc_signed &&
> + !cred->proc_signed) {
> + ret = -EPERM;
> + goto out;
> + }
--
Matthew Garrett <matthew.garrett at nebula.com>
More information about the kernel
mailing list