kernel

History

Andrew Lukoshko 053da2e7bb Bump version to 4.18.0-553.124.4 ptrace: require CAP_SYS_PTRACE when task has no mm kABI-safe AlmaLinux backport of upstream commit 31e62c2ebbfd ("ptrace: slightly saner 'get_dumpable()' logic"). The upstream fix adds a user_dumpable bit to task_struct and caches it from exit_mm() -- both layout changes would break the kABI signature of struct task_struct (referenced by stablelist exports such as __put_task_struct, sched_setscheduler, set_cpus_allowed_ptr, and wake_up_process). Instead, take the minimal kABI-safe slice: in __ptrace_may_access(), when task->mm == NULL, require CAP_SYS_PTRACE in init_user_ns unconditionally. This closes the Qualys Security Advisory hole without touching task_struct or exit.c. The only behavioural delta versus upstream is that an already-exited user task whose mm has been cleared now also requires CAP_SYS_PTRACE.	2026-05-15 07:33:28 +00:00
..
kernel.spec	Bump version to 4.18.0-553.124.4	2026-05-15 07:33:28 +00:00

Andrew Lukoshko 053da2e7bb Bump version to 4.18.0-553.124.4

ptrace: require CAP_SYS_PTRACE when task has no mm

kABI-safe AlmaLinux backport of upstream commit 31e62c2ebbfd
("ptrace: slightly saner 'get_dumpable()' logic"). The upstream
fix adds a user_dumpable bit to task_struct and caches it from
exit_mm() -- both layout changes would break the kABI signature
of struct task_struct (referenced by stablelist exports such as
__put_task_struct, sched_setscheduler, set_cpus_allowed_ptr, and
wake_up_process).

Instead, take the minimal kABI-safe slice: in __ptrace_may_access(),
when task->mm == NULL, require CAP_SYS_PTRACE in init_user_ns
unconditionally. This closes the Qualys Security Advisory hole
without touching task_struct or exit.c. The only behavioural
delta versus upstream is that an already-exited user task whose
mm has been cleared now also requires CAP_SYS_PTRACE.

2026-05-15 07:33:28 +00:00

kernel.spec

Bump version to 4.18.0-553.124.4

2026-05-15 07:33:28 +00:00