diff options
author | Tejun Heo <tj@kernel.org> | 2011-06-17 16:50:38 +0200 |
---|---|---|
committer | Oleg Nesterov <oleg@redhat.com> | 2011-06-22 19:26:29 +0200 |
commit | 4b9d33e6d83cc05a8005a8f9a8b9677fa0f53626 (patch) | |
tree | 250b740d22f9604326ecfd769dd2f74d60187a19 /fs/exec.c | |
parent | a288eecce5253cc1565d400a52b9b476a157e040 (diff) | |
download | op-kernel-dev-4b9d33e6d83cc05a8005a8f9a8b9677fa0f53626.zip op-kernel-dev-4b9d33e6d83cc05a8005a8f9a8b9677fa0f53626.tar.gz |
ptrace: kill clone/exec tracehooks
At this point, tracehooks aren't useful to mainline kernel and mostly
just add an extra layer of obfuscation. Although they have comments,
without actual in-kernel users, it is difficult to tell what are their
assumptions and they're actually trying to achieve. To mainline
kernel, they just aren't worth keeping around.
This patch kills the following clone and exec related tracehooks.
tracehook_prepare_clone()
tracehook_finish_clone()
tracehook_report_clone()
tracehook_report_clone_complete()
tracehook_unsafe_exec()
The changes are mostly trivial - logic is moved to the caller and
comments are merged and adjusted appropriately.
The only exception is in check_unsafe_exec() where LSM_UNSAFE_PTRACE*
are OR'd to bprm->unsafe instead of setting it, which produces the
same result as the field is always zero on entry. It also tests
p->ptrace instead of (p->ptrace & PT_PTRACED) for consistency, which
also gives the same result.
This doesn't introduce any behavior change.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Diffstat (limited to 'fs/exec.c')
-rw-r--r-- | fs/exec.c | 7 |
1 files changed, 6 insertions, 1 deletions
@@ -1224,7 +1224,12 @@ int check_unsafe_exec(struct linux_binprm *bprm) unsigned n_fs; int res = 0; - bprm->unsafe = tracehook_unsafe_exec(p); + if (p->ptrace) { + if (p->ptrace & PT_PTRACE_CAP) + bprm->unsafe |= LSM_UNSAFE_PTRACE_CAP; + else + bprm->unsafe |= LSM_UNSAFE_PTRACE; + } n_fs = 1; spin_lock(&p->fs->lock); |