Steffen Dettmer wrote:
> > In 2.4.20, the actual permission checks for ptrace() are (from
> > kernel/ptrace.c):
> >
> > if (!task->mm->dumpable && !capable(CAP_SYS_PTRACE))
> > goto bad;
>
> This is really "&&"?
Yep; cut-n-paste'd from the 2.4.20 source code. Note that a similar
situation applies to the previous set of checks as well.
> I had guessed, that if there is no
> CAP_SYS_PTRACE, there is no ptrace allowed at all, and same
> sounds logical for the "dumpable". What I'm missing?
I don't know for sure, but it would appear that the capability is
meant to override the ad-hoc mechanism. The following comment in
kernel/sys.c suggests that the capability-handling code deals with uid
manipulation issues itself.
* cap_emulate_setxuid() fixes the effective / permitted capabilities of
* a process after a call to setuid, setreuid, or setresuid.
*
* 1) When set*uiding _from_ one of {r,e,s}uid == 0 _to_ all of
* {r,e,s}uid != 0, the permitted and effective capabilities are
* cleared.
*
* 2) When set*uiding _from_ euid == 0 _to_ euid != 0, the effective
* capabilities of the process are cleared.
*
* 3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective
* capabilities are set to the permitted capabilities.
*
* fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should
* never happen.
--
Glynn Clements <glynn.clements@virgin.net>
This archive was generated by hypermail 2b30 : Mon Jan 13 2003 - 07:53:43 PST