exec: Test the ptracer's saved cred to see if the tracee can gain caps

Now that we have user namespaces and non-global capabilities verify
the tracer has capabilities in the relevant user namespace instead
of in the current_user_ns().

As the test for setting LSM_UNSAFE_PTRACE_CAP is currently
ptracer_capable(p, current_user_ns()) and the new task credentials are
in current_user_ns() this change does not have any user visible change
and simply moves the test to where it is used, making the code easier
to read.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

diff --git a/security/commoncap.c b/security/commoncap.c
index feb6044..cbb203c 100644 (file)
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -548,7 +548,8 @@ skip:
 
        if ((is_setid ||
             !cap_issubset(new->cap_permitted, old->cap_permitted)) &&
-           bprm->unsafe & ~LSM_UNSAFE_PTRACE_CAP) {
+           ((bprm->unsafe & ~(LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) ||
+            !ptracer_capable(current, new->user_ns))) {
                /* downgrade; they get no more than they had, and maybe less */
                if (!ns_capable(new->user_ns, CAP_SETUID) ||
                    (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)) {