UBUNTU: SAUCE: Yama: check PTRACE using thread group leader

When examining process ancestory, we must use the thread group leader
or else we end up missing potential matches.

[submitted upstream to security-next]

Signed-off-by: Kees Cook <kees.cook@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>

diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
index 291a9e5..b28d9cc 100644 (file)
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -170,6 +170,8 @@ static int task_is_descendant(struct task_struct *parent,
        rcu_read_lock();
        read_lock(&tasklist_lock);
        while (walker->pid > 0) {
+               if (!thread_group_leader(walker))
+                       walker = walker->group_leader;
                if (walker == parent) {
                        rc = 1;
                        break;