authorDaniel Mentz <danielmentz@google.com>2017-07-07 11:27:31 -0700
committerDaniel Mentz <danielmentz@google.com>2017-07-21 11:09:08 -0700
commit362e08d2572fd592b6a5322763977d898ebefba2 (patch)
tree8268adac315acb7214f7aaf03fa0244a62291208 /kernel
parent59ff2e15be118b70755d9709be67ed1b842cd5e6 (diff)
Revert "proc: smaps: Allow smaps access for CAP_SYS_RESOURCE"
This reverts commit 9d19f72b43f495f6f1ef1268dbed1bbade8dea24. This fixes CVE-2017-0710. SELinux allows more fine grained control: We grant processes that need access to smaps CAP_SYS_PTRACE but prohibit them from using ptrace attach(). Bug: 34951864 Bug: 36468447 Change-Id: I8ea67f8771ec212950bc251ee750bd8a7e7c0643 Signed-off-by: Daniel Mentz <danielmentz@google.com>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/fork.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/kernel/fork.c b/kernel/fork.c
index 968917653c2c..68cfda1c1800 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -827,8 +827,7 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
mm = get_task_mm(task);
if (mm && mm != current->mm &&
- !ptrace_may_access(task, mode) &&
- !capable(CAP_SYS_RESOURCE)) {
+ !ptrace_may_access(task, mode)) {
mmput(mm);
mm = ERR_PTR(-EACCES);
}
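Review bot: The restored condition in mm_access() has no comment saying that `ptrace_may_access(task, mode)` is meant to be the only gate on a foreign mm, so nothing at this site discourages re-adding a capability shortcut. The removed `capable(CAP_SYS_RESOURCE)` call took neither `task` nor `mode`, so it passed for any holder of that capability whatever mode the caller requested, not only for smaps reads. I would add above the `if`: `/* Access to another task's mm is decided only by ptrace_may_access(); do not add capable() shortcuts here, they ignore task and mode. */`. Callers that relied on the old bypass will now get -EACCES unless the CAP_SYS_PTRACE grant and SELinux policy described in the commit message are deployed with this change; that policy is not visible in this diff. The body of mm_access() starts and ends outside the hunk.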