vserver-sources/old/2.1.1_rc28/4414_vs2.1.1-rc28-ptrace-fix01.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

Index: linux-2.6.17/kernel/ptrace.c
===================================================================
--- linux-2.6.17.orig/kernel/ptrace.c
+++ linux-2.6.17/kernel/ptrace.c
@@ -133,6 +133,11 @@ static int may_attach(struct task_struct
 	smp_rmb();
 	if (!task->mm->dumpable && !capable(CAP_SYS_PTRACE))
 		return -EPERM;
+	if (!vx_check(task->xid, VX_ADMIN_P|VX_IDENT))
+		return -EPERM;
+	if (!vx_check(task->xid, VX_IDENT) &&
+		!task_vx_flags(task, VXF_STATE_ADMIN, 0))
+		return -EACCES;
 
 	return security_ptrace(current, task);
 }