Revert "proc: smaps: Allow smaps access for CAP_SYS_RESOURCE"

This reverts commit d590b5b6953304edb000de90335a3b4838b2482c. This fixes CVE-2017-0710. SELinux allows more fine grained control: We grant processes that need access to smaps CAP_SYS_PTRACE but prohibit them from using ptrace attach(). Bug: 34951864 Bug: 36468447 Change-Id: I081033cf8fd7058b41cb464200b544e24651372d Signed-off-by: Daniel Mentz <danielmentz@google.com>
author: Daniel Mentz <danielmentz@google.com> 2017-07-07 12:02:15 -0700
committer: Mister Oyster <oysterized@gmail.com> 2017-07-11 13:47:08 +0200
commit: 8eb6031c4e2f12719983a5b8c42499e799263d00 (patch)
tree: 2c9a31ab6fac532fc0ba1e7254123eb3d1abd18e /kernel
parent: a66b6e388a3d55080414862d1b6920d4d2fca4ca (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/kernel/fork.c b/kernel/fork.c
index cdd0e4019..9db86f811 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -735,8 +735,7 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
 
 	mm = get_task_mm(task);
 	if (mm && mm != current->mm &&
-			!ptrace_may_access(task, mode) &&
-			!capable(CAP_SYS_RESOURCE)) {
+			!ptrace_may_access(task, mode)) {
 		mmput(mm);
 		mm = ERR_PTR(-EACCES);
 	}
author	Daniel Mentz <danielmentz@google.com>	2017-07-07 12:02:15 -0700
committer	Mister Oyster <oysterized@gmail.com>	2017-07-11 13:47:08 +0200
commit	8eb6031c4e2f12719983a5b8c42499e799263d00 (patch)
tree	2c9a31ab6fac532fc0ba1e7254123eb3d1abd18e /kernel
parent	a66b6e388a3d55080414862d1b6920d4d2fca4ca (diff)