From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755895AbcH2S2u (ORCPT ); Mon, 29 Aug 2016 14:28:50 -0400 Received: from mail-oi0-f52.google.com ([209.85.218.52]:35521 "EHLO mail-oi0-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751314AbcH2S2s (ORCPT ); Mon, 29 Aug 2016 14:28:48 -0400 MIME-Version: 1.0 In-Reply-To: <1471906870-28624-1-git-send-email-john.stultz@linaro.org> References: <1471906870-28624-1-git-send-email-john.stultz@linaro.org> From: John Stultz Date: Mon, 29 Aug 2016 11:28:47 -0700 Message-ID: Subject: Re: [RESEND][PATCH] proc: Fix timerslack_ns CAP_SYS_NICE check when adjusting self To: lkml Cc: John Stultz , Kees Cook , "Serge E. Hallyn" , Andrew Morton , Thomas Gleixner , Arjan van de Ven , Oren Laadan , Ruchi Kandoi , Rom Lemarchand , Todd Kjos , Colin Cross , Nick Kralevich , Dmitry Shmidt , Elliott Hughes , Android Kernel Team Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Aug 22, 2016 at 4:01 PM, John Stultz wrote: > In changing from checking ptrace_may_access(p, PTRACE_MODE_ATTACH_FSCREDS) > to capable(CAP_SYS_NICE), I missed that ptrace_my_access succeeds > when p == current, but the CAP_SYS_NICE doesn't. > > Thus while the previous commit was intended to loosen the needed > privledges to modify a processes timerslack, it needlessly restricted > a task modifying its own timerslack via the proc//timerslack_ns > (which is permitted also via the PR_SET_TIMERSLACK method). > > This patch corrects this by checking if p == current before checking > the CAP_SYS_NICE value. > > This patch applies on top of my two previous patches currently in -mm Ping? Any feedback or comments on this one? thanks -john