diff options
| author | Mickaël Salaün <mic@linux.microsoft.com> | 2021-04-22 17:41:14 +0200 |
|---|---|---|
| committer | James Morris <jamorris@linux.microsoft.com> | 2021-04-22 12:22:10 -0700 |
| commit | afe81f754117dd96853677c5cb815f49abef0ba0 (patch) | |
| tree | 9c89ace4b459dece96d08922e6ae9be04bf22091 /security/selinux/hooks.c | |
| parent | 385975dca53eb41031d0cbd1de318eb1bc5d6bb9 (diff) | |
| download | linux-afe81f754117dd96853677c5cb815f49abef0ba0.tar.bz2 | |
landlock: Add ptrace restrictions
Using ptrace(2) and related debug features on a target process can lead
to a privilege escalation. Indeed, ptrace(2) can be used by an attacker
to impersonate another task and to remain undetected while performing
malicious activities. Thanks to ptrace_may_access(), various part of
the kernel can check if a tracer is more privileged than a tracee.
A landlocked process has fewer privileges than a non-landlocked process
and must then be subject to additional restrictions when manipulating
processes. To be allowed to use ptrace(2) and related syscalls on a
target process, a landlocked process must have a subset of the target
process's rules (i.e. the tracee must be in a sub-domain of the tracer).
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Reviewed-by: Jann Horn <jannh@google.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210422154123.13086-5-mic@digikod.net
Signed-off-by: James Morris <jamorris@linux.microsoft.com>
Diffstat (limited to 'security/selinux/hooks.c')
0 files changed, 0 insertions, 0 deletions