Andrew Lukoshko
d14f368fbe
ptrace: require CAP_SYS_PTRACE when task has no mm
kABI-safe AlmaLinux backport of upstream commit 31e62c2ebbfd
("ptrace: slightly saner 'get_dumpable()' logic"). Mirrors the patch
shipped on the AlmaLinux 8 main kernel branch at 553.124.4.
The upstream fix adds a user_dumpable bit to task_struct -- that
layout change breaks the kABI signature of struct task_struct,
which is referenced by stablelist exports such as __put_task_struct,
sched_setscheduler, set_cpus_allowed_ptr, and wake_up_process.
Instead, take the minimal kABI-safe slice: in __ptrace_may_access(),
when task->mm == NULL, require CAP_SYS_PTRACE in init_user_ns
unconditionally. This closes the Qualys Security Advisory hole
without touching task_struct or exit.c. The only behavioural delta
versus upstream is that an already-exited user task whose mm has
been cleared now also requires CAP_SYS_PTRACE.
Reintroduce the tarfile_release indirection so pkgrelease can
advance independently of the imported source tarball.
11 MiB
11 MiB
The file is too large to be shown.
View Raw