patch-2.1.120 linux/fs/exec.c
- Lines: 33
- Date:
Thu Aug 27 14:30:50 1998
- Orig file:
v2.1.119/linux/fs/exec.c
- Orig date:
Wed Aug 26 11:37:40 1998
diff -u --recursive --new-file v2.1.119/linux/fs/exec.c linux/fs/exec.c
@@ -569,6 +569,15 @@
return retval;
}
+/*
+ * We mustn't allow tracing of suid binaries, unless
+ * the tracer has the capability to trace anything..
+ */
+static inline int must_not_trace_exec(struct task_struct * p)
+{
+ return (p->flags & PF_PTRACED) && !cap_raised(p->p_pptr->cap_effective, CAP_SYS_PTRACE);
+}
+
/*
* Fill the binprm structure from the inode.
* Check permissions, then read the first 512 bytes
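Review bot: The header comment on must_not_trace_exec says "the tracer", but the body reads `p->p_pptr->cap_effective`, i.e. the parent's capability set; that the parent of a PF_PTRACED task is its tracer is an assumption the helper relies on and does not state. Suggest making it explicit above the return: `/* A PF_PTRACED task has been reparented to its tracer, so p_pptr's effective caps are the tracer's. */`. Nothing in the hunk shows what keeps p_pptr stable while exec samples it, so whether a tracer detaching or exiting at that moment can change the answer should be confirmed against the ptrace paths. The caller's comment in the second hunk ("or if we're being traced") still describes the old unconditional check and would be clearer as "or if we're being traced by a tracer without CAP_SYS_PTRACE"; prepare_binprm, that caller, starts and ends outside SOURCE.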
@@ -657,15 +666,12 @@
}
}
-
-
-
if (id_change || cap_raised) {
/* We can't suid-execute if we're sharing parts of the executable */
/* or if we're being traced (or if suid execs are not allowed) */
/* (current->mm->count > 1 is ok, as we'll get a new mm anyway) */
if (IS_NOSUID(inode)
- || (current->flags & PF_PTRACED)
+ || must_not_trace_exec(current)
|| (atomic_read(¤t->fs->count) > 1)
|| (atomic_read(¤t->sig->count) > 1)
|| (atomic_read(¤t->files->count) > 1)) {