A small bug in ptrace(2) "Ptrace access mode checking"

Hello, Michael!

I've noticed a small bug in the ptrace(2) man page at NOTES -> Ptrace access mode checking -> 5(b):

    b) Deny access if neither of the following is true:

       · The caller and the target process are in the same user
         namespace, and the caller's capabilities are a proper
         superset of the target process's permitted capabilities.

       · The caller has the CAP_SYS_PTRACE capability in the target
         process's user namespace.

The usage of "*proper* superset" seems wrong because (a) it'd deny access in a common case when both the caller and the target have the same capabilities and (b) it doesn't correspond to the kernel code, which checks for a non-strict superset[1].

I believe that "proper superset" should be replaced with just "superset".

[1] https://elixir.bootlin.com/linux/v5.1.11/source/security/commoncap.c#L152

Thanks for your great work on the man pages!

--Alexey
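
The difference between the two readings of step 5(b), as an added example that is not part of the original message and is not kernel code: it parses capability masks from constructed /proc/<pid>/status excerpts and evaluates the rule with "proper superset" and with "superset". The function names, the sample text, the use of CapEff for the caller, and the same_ns / ns_ptrace_cap inputs are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed /proc/<pid>/status excerpts for two unprivileged processes. */
static const char CALLER_STATUS[] = "Name:\tgdb\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";
static const char TARGET_STATUS[] = "Name:\tsleep\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";

/* Read a hex capability mask such as "CapPrm" from status text. */
bool parse_cap(const char *status, const char *field, uint64_t *out)
{
    size_t n = strlen(field);
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, field, n) == 0 && p[n] == ':') {
            char *end;
            *out = strtoull(p + n + 1, &end, 16);
            return end != p + n + 1;   /* false if no hex digits followed */
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return false;
}

/* Non-strict superset: no bit of target is missing from caller. */
bool is_superset(uint64_t caller, uint64_t target) { return (target & ~caller) == 0; }

/* Proper superset: superset and not equal, as the man page wording reads. */
bool is_proper_superset(uint64_t caller, uint64_t target)
{
    return is_superset(caller, target) && caller != target;
}

/* Step 5(b): true means "deny". same_ns and ns_ptrace_cap are supplied by the
 * user of this model (assumption); strict selects the "proper" reading. */
bool denied_5b(uint64_t caller, uint64_t target, bool same_ns, bool ns_ptrace_cap, bool strict)
{
    bool caps_ok = strict ? is_proper_superset(caller, target) : is_superset(caller, target);
    return !((same_ns && caps_ok) || ns_ptrace_cap);
}

int main(void)
{
    uint64_t c = 0, t = 0;
    if (!parse_cap(CALLER_STATUS, "CapEff", &c) || !parse_cap(TARGET_STATUS, "CapPrm", &t))
        return 1;
    printf("proper superset: %s\n", denied_5b(c, t, true, false, true) ? "deny" : "allow");
    printf("superset:        %s\n", denied_5b(c, t, true, false, false) ? "deny" : "allow");
    return 0;
}
```

With two processes holding identical (here empty) capability sets, the "proper superset" reading denies access at this step and the "superset" reading does not.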