--- linux-2.6.16-rc1/arch/alpha/kernel/ptrace.c 2006-01-26 22:34:30 +0100 +++ linux-2.6.16-rc1-vs2.1.0.9.4/arch/alpha/kernel/ptrace.c 2006-01-21 18:28:01 +0100 @@ -283,6 +283,11 @@ do_sys_ptrace(long request, long pid, lo goto out_notsk; } + if (!vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT)) { + ret = -EPERM; + goto out; + } + if (request == PTRACE_ATTACH) { ret = ptrace_attach(child); goto out; --- linux-2.6.16-rc1/arch/ia64/kernel/ptrace.c 2006-01-26 22:34:43 +0100 +++ linux-2.6.16-rc1-vs2.1.0.9.4/arch/ia64/kernel/ptrace.c 2006-01-21 18:28:01 +0100 @@ -1443,6 +1443,9 @@ sys_ptrace (long request, pid_t pid, uns read_unlock(&tasklist_lock); if (!child) goto out; + if (!vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT)) + goto out_tsk; + ret = -EPERM; if (pid == 1) /* no messing around with init! */ goto out_tsk; --- linux-2.6.16-rc1/arch/m68k/kernel/ptrace.c 2006-01-03 17:29:10 +0100 +++ linux-2.6.16-rc1-vs2.1.0.9.4/arch/m68k/kernel/ptrace.c 2006-01-21 18:28:01 +0100 @@ -280,6 +280,8 @@ long arch_ptrace(struct task_struct *chi ret = ptrace_request(child, request, addr, data); break; } + if (!vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT)) + goto out_tsk; return ret; out_eio: --- linux-2.6.16-rc1/arch/mips/kernel/ptrace.c 2006-01-26 22:34:46 +0100 +++ linux-2.6.16-rc1-vs2.1.0.9.4/arch/mips/kernel/ptrace.c 2006-01-21 18:28:01 +0100 @@ -476,6 +476,8 @@ asmlinkage void do_syscall_trace(struct goto out; if (!test_thread_flag(TIF_SYSCALL_TRACE)) goto out; + if (!vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT)) + goto out_tsk; /* The 0x80 provides a way for the tracing parent to distinguish between a syscall stop and SIGTRAP delivery */ --- linux-2.6.16-rc1/arch/s390/kernel/ptrace.c 2006-01-26 22:34:48 +0100 +++ linux-2.6.16-rc1-vs2.1.0.9.4/arch/s390/kernel/ptrace.c 2006-01-21 18:28:01 +0100 @@ -723,7 +723,13 @@ sys_ptrace(long request, long pid, long goto out; } + if (!vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT)) { + ret = -EPERM; + goto out_tsk; + } + ret = do_ptrace(child, request, addr, data); +out_task: put_task_struct(child); out: unlock_kernel(); --- linux-2.6.16-rc1/arch/sparc/kernel/ptrace.c 2006-01-26 22:34:49 +0100 +++ linux-2.6.16-rc1-vs2.1.0.9.4/arch/sparc/kernel/ptrace.c 2006-01-21 18:28:01 +0100 @@ -299,6 +299,10 @@ asmlinkage void do_ptrace(struct pt_regs pt_error_return(regs, -ret); goto out; } + if (!vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT)) { + pt_error_return(regs, ESRCH); + goto out_tsk; + } if ((current->personality == PER_SUNOS && request == PTRACE_SUNATTACH) || (current->personality != PER_SUNOS && request == PTRACE_ATTACH)) { --- linux-2.6.16-rc1/arch/sparc64/kernel/ptrace.c 2006-01-26 22:34:49 +0100 +++ linux-2.6.16-rc1-vs2.1.0.9.4/arch/sparc64/kernel/ptrace.c 2006-01-21 18:28:01 +0100 @@ -209,6 +209,10 @@ asmlinkage void do_ptrace(struct pt_regs pt_error_return(regs, -ret); goto out; } + if (!vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT)) { + pt_error_return(regs, ESRCH); + goto out_tsk; + } if ((current->personality == PER_SUNOS && request == PTRACE_SUNATTACH) || (current->personality != PER_SUNOS && request == PTRACE_ATTACH)) { --- linux-2.6.16-rc1/arch/v850/kernel/ptrace.c 2006-01-26 22:34:50 +0100 +++ linux-2.6.16-rc1-vs2.1.0.9.4/arch/v850/kernel/ptrace.c 2006-01-21 18:28:01 +0100 @@ -137,6 +137,8 @@ long arch_ptrace(struct task_struct *chi break; rval = -EIO; goto out; + if (!vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT)) + goto out_tsk; /* Read/write the word at location ADDR in the registers. */ case PTRACE_PEEKUSR: --- linux-2.6.16-rc1/kernel/ptrace.c 2006-01-26 22:35:32 +0100 +++ linux-2.6.16-rc1-vs2.1.0.9.4/kernel/ptrace.c 2006-01-28 09:26:49 +0100 @@ -485,6 +485,10 @@ asmlinkage long sys_ptrace(long request, goto out; } + ret = -EPERM; + if (!vx_check(vx_task_xid(child), VX_WATCH|VX_IDENT)) + goto out_put_task_struct; + if (request == PTRACE_ATTACH) { ret = ptrace_attach(child); goto out_put_task_struct;