mirror of https://github.com/mkerrisk/man-pages
ptrace.2: Various fixes after review by Jann Horn
Among other things, Jann pointed out that the commoncap LSM
is always invoked, and Kees Cook pointed out the relevant
kernel code:

===
> BTW, can you point me at the piece(s) of kernel code that show that
> "commoncap" is always invoked in addition to any other LSM that has
> been installed?

It's not entirely obvious, but the bottom of security/commoncap.c shows:

    struct security_hook_list capability_hooks[] = {
            LSM_HOOK_INIT(capable, cap_capable),
    ...
    };

    void __init capability_add_hooks(void)
    {
            security_add_hooks(capability_hooks,
                               ARRAY_SIZE(capability_hooks));
    }

And security/security.c shows the initialization order of the LSMs:

    int __init security_init(void)
    {
            pr_info("Security Framework initialized\n");

            /*
             * Load minor LSMs, with the capability module always first.
             */
            capability_add_hooks();
            yama_add_hooks();
            loadpin_add_hooks();

            /*
             * Load all the remaining security modules.
             */
            do_security_initcalls();

            return 0;
    }
===

Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent 0647331a06
commit 611d3ac40a
|
@ -2082,8 +2082,9 @@ is highly specific to the operating system and architecture.
|
|||
Various parts of the kernel-user-space API (not just
|
||||
.BR ptrace (2)
|
||||
operations), require so-called "ptrace access mode permissions" which
|
||||
are gated by Linux Security Modules (LSMs) such as
|
||||
SELinux, Yama, Smack, or the default LSM.
|
||||
are gated by any enabled Linux Security Module (LSMs)\(emfor example,
|
||||
SELinux, Yama, or Smack\(emand by the the commoncap LSM
|
||||
(which is always invoked).
|
||||
Prior to Linux 2.6.27, all such checks were of a single type.
|
||||
Since Linux 2.6.27,
|
||||
.\" commit 006ebb40d3d65338bd74abb03b945f8d60e362bd
|
||||
|
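Review bot: The added line "SELinux, Yama, or Smack\(emand by the the commoncap LSM" repeats "the"; drop one. In the added line above it, "any enabled Linux Security Module (LSMs)" pairs a singular noun with a plural abbreviation, so "(LSM)" would read consistently. Because "commoncap" replaces the earlier wording "the default LSM", a short gloss at this first mention (for example, that it is the module providing the capability hooks) would help readers who do not know the name.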
@ -2128,7 +2129,7 @@ shorthand for labeling the different kernel checks.
|
|||
|
||||
Since Linux 4.5,
|
||||
.\" commit caaee6234d05a58c5b4d05e7bf766131b810a657
|
||||
the above access mode checks are be combined (ORed) with
|
||||
the above access mode checks are combined (ORed) with
|
||||
one of the following modifiers:
|
||||
.TP
|
||||
.B PTRACE_MODE_FSCREDS
|
||||
|
@ -2214,7 +2215,7 @@ The kernel LSM
|
|||
.IR security_ptrace_access_check ()
|
||||
interface is invoked to see if ptrace access is permitted.
|
||||
The results depend on the LSM.
|
||||
The implementation of this interface in the default LSM performs
|
||||
The implementation of this interface in the commoncap LSM performs
|
||||
the following steps:
|
||||
.\" (in cap_ptrace_access_check()):
|
||||
.RS
|
||||
|
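Review bot: The unchanged sentence "The results depend on the LSM." directly above the changed line can now be misread, because the page states earlier that the commoncap LSM is always invoked; a reader may take the steps that follow as applying only when no other LSM is enabled. Suggest saying here that the commoncap steps are performed in addition to the checks made by any other enabled LSM.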
@ -2246,7 +2247,7 @@ The caller has the
|
|||
capability in the target process's user namespace.
|
||||
.RE
|
||||
.IP
|
||||
Note that the default LSM does not distinguish between
|
||||
Note that the commoncap LSM does not distinguish between
|
||||
.B PTRACE_MODE_READ
|
||||
and
|
||||
.BR PTRACE_MODE_ATTACH .
|
||||
|
|