mirror of https://github.com/mkerrisk/man-pages
ptrace.2: Further fixes after review from Jann Horn
Reported-by: Jann Horn <jann@thejh.net> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
a330bffa78
commit
78f0786577
|
@ -2183,12 +2183,20 @@ thread group, access is always allowed.
|
||||||
.IP 2.
|
.IP 2.
|
||||||
If the access mode specifies
|
If the access mode specifies
|
||||||
.BR PTRACE_MODE_FSCREDS ,
|
.BR PTRACE_MODE_FSCREDS ,
|
||||||
then for the check in the next step,
|
then, for the check in the next step,
|
||||||
employ the caller's filesystem user ID and group ID (see
|
employ the caller's filesystem UID and GID.
|
||||||
.BR credentials (7));
|
(As noted in
|
||||||
otherwise (the access mode specifies
|
.BR credentials (7),
|
||||||
|
the filesystem UID and GID almost always have the same values
|
||||||
|
as the corresponding effective IDs.)
|
||||||
|
|
||||||
|
Otherwise, the access mode specifies
|
||||||
.BR PTRACE_MODE_REALCREDS ,
|
.BR PTRACE_MODE_REALCREDS ,
|
||||||
so) use the caller's real user ID and group ID.
|
so use the caller's real UID and GID for the checks in the next step.
|
||||||
|
(Most APIs that check the caller's UID and GID use the effective IDs.
|
||||||
|
For historical reasons, the
|
||||||
|
.BR PTRACE_MODE_REALCREDS
|
||||||
|
check uses the real IDs instead.)
|
||||||
.IP 3.
|
.IP 3.
|
||||||
Deny access if
|
Deny access if
|
||||||
.I neither
|
.I neither
|
||||||
|
|
Loading…
Reference in New Issue