CRED: Separate task security context from task_struct
index 937f6b5b2008c9056888e23a4520128a53703b8d..49849d12dd123aa2971c933c81936c59199fce78 100644 (file)
@@ -115,6 +115,8 @@ int ptrace_check_attach(struct task_struct *child, int kill)
 
 int __ptrace_may_access(struct task_struct *task, unsigned int mode)
 {
+       struct cred *cred = current->cred, *tcred = task->cred;
+
        /* May we inspect the given task?
         * This check is used both for attaching with ptrace
         * and for allowing access to sensitive information in /proc.
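Review bot: The new `cred` and `tcred` pointers at the top of `__ptrace_may_access` are only read from in the lines visible here, so they could be declared `const struct cred *cred = current->cred, *tcred = task->cred;` to show that a permission check never modifies either credential set. The declaration also sits above the explanatory comment while the remaining locals follow it; grouping all declarations below the comment would read better. The function body continues outside this hunk, so a write through either pointer further down cannot be ruled out from here.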
@@ -123,19 +125,18 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
         * because setting up the necessary parent/child relationship
         * or halting the specified task is impossible.
         */
-       uid_t uid;
-       gid_t gid;
+       uid_t uid = cred->uid;
+       gid_t gid = cred->gid;
        int dumpable = 0;
        /* Don't let security modules deny introspection */
        if (task == current)
                return 0;
-       current_uid_gid(&uid, &gid);
-       if ((uid != task->euid ||
-            uid != task->suid ||
-            uid != task->uid  ||
-            gid != task->egid ||
-            gid != task->sgid ||
-            gid != task->gid) && !capable(CAP_SYS_PTRACE))
+       if ((uid != tcred->euid ||
+            uid != tcred->suid ||
+            uid != tcred->uid  ||
+            gid != tcred->egid ||
+            gid != tcred->sgid ||
+            gid != tcred->gid) && !capable(CAP_SYS_PTRACE))
                return -EPERM;
        smp_rmb();
        if (task->mm)
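Review bot: The six comparisons against `tcred->euid` through `tcred->gid` read the target's credentials field by field, with no lock or RCU read section visible in this hunk. A target that changes identity while the check runs could therefore be judged against a mix of old and new IDs. Whether the callers hold something that keeps the credentials stable cannot be seen from here. If they do, a comment above the `if` such as `/* caller holds <lock>, so task->cred is stable across these tests */` would record the assumption; if they do not, the reads need to be bracketed by whatever protects `task->cred`. This matters more now that the commit title says the security context is being separated from `task_struct`; the function continues beyond the hunk.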