ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2121271 CVE: CVE-2022-30594

commit ee1fee900537b5d9560e9f937402de5ddc8412f3 Author: Jann Horn jannh@google.com Date: Sat Mar 19 02:08:37 2022 +0100

ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE

Setting PTRACE_O_SUSPEND_SECCOMP is supposed to be a highly privileged
operation because it allows the tracee to completely bypass all seccomp
filters on kernels with CONFIG_CHECKPOINT_RESTORE=y. It is only supposed to
be settable by a process with global CAP_SYS_ADMIN, and only if that
process is not subject to any seccomp filters at all.

However, while these permission checks were done on the PTRACE_SETOPTIONS
path, they were missing on the PTRACE_SEIZE path, which also sets
user-specified ptrace flags.

Move the permissions checks out into a helper function and let both
ptrace_attach() and ptrace_setoptions() call it.

Cc: stable@kernel.org
Fixes: 13c4a90119d2 ("seccomp: add ptrace options for suspend/resume")
Signed-off-by: Jann Horn <jannh@google.com>
Link: https://lkml.kernel.org/r/20220319010838.1386861-1-jannh@google.com
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

Signed-off-by: Oleg Nesterov oleg@redhat.com Signed-off-by: Alex Gladkov agladkov@redhat.com