Process Capabilities in 2.2.16 (sendmail/procmail problem)

From: Joseph Gooch (mrwizard@psu.edu)
Date: Sat Jun 10 2000 - 11:32:33 EST


OK, based on my last email, I've created this patch. Using the source
provided by Roger Espel Llima on Bugtraq, the segment below shows that this
patch still corrects the bug with sendmail/procmail/et al, but doesn't break
the capabilities model that was in effect.

dilbert(mrwizard):/mnt/misc/home/mrwizard$ ./blep
BEFORE: 501 0
GAVE UP: 501 501
GOT BACK: 501 501
dilbert(mrwizard):/mnt/misc/home/mrwizard$ ./suidcap
launching shell...
dilbert(mrwizard):/mnt/misc/home/mrwizard$ /sbin/getpcaps
Capabilities for `(null)': =i cap_setuid-i
dilbert(mrwizard):/mnt/misc/home/mrwizard$ ./blep
BEFORE: 501 0
GAVE UP: 501 501
GOT BACK: 501 501

I also moved cap_bset in the computation of the capabilities so that it's an
overall intersection, or else the inherited capabilities could end up giving
you a capability outside that set.

Again, this works for me, YMMV, but I hope it works for you. Let me know if
I did something evil.

Joe Gooch
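
The cap_bset point in the message above, as an added example that is not part of the original email or its patch: it compares the exec-time permitted-set rule documented for 2.2-era kernels, pP' = (fP & X) | (fI & pI), with an overall intersection by the bounding set X. The "before" formula, the struct and function names, and the sample masks are assumptions for illustration; the patch itself does not appear on this page.

```c
#include <stdint.h>
#include <stdio.h>

/* Capability numbers as defined in <linux/capability.h>. */
#define CAP_SETUID            7
#define CAP_NET_BIND_SERVICE 10
#define CAP_MASK(c) ((uint32_t)1 << (c))

struct exec_caps {              /* hypothetical container for the inputs */
    uint32_t p_inh;             /* pI: inheritable set of the caller     */
    uint32_t f_perm;            /* fP: permitted set of the file         */
    uint32_t f_inh;             /* fI: inheritable set of the file       */
    uint32_t bset;              /* X:  system bounding set (cap_bset)    */
};

/* Assumed "before" rule: X masks only the file-permitted term. */
uint32_t permitted_bset_on_file_only(const struct exec_caps *c)
{
    return (c->f_perm & c->bset) | (c->f_inh & c->p_inh);
}

/* Reading of the message: X intersects the whole result. */
uint32_t permitted_bset_overall(const struct exec_caps *c)
{
    return (c->f_perm | (c->f_inh & c->p_inh)) & c->bset;
}

/* Bits granted at exec that the bounding set was meant to exclude. */
uint32_t outside_bset(uint32_t permitted, uint32_t bset)
{
    return permitted & ~bset;
}

/* Constructed sample: the admin removed CAP_NET_BIND_SERVICE from X, but
 * the caller still carries it in pI and the file inherits everything. */
struct exec_caps sample_case(void)
{
    struct exec_caps c = { 0, 0, ~(uint32_t)0, 0 };
    c.p_inh = CAP_MASK(CAP_SETUID) | CAP_MASK(CAP_NET_BIND_SERVICE);
    c.bset  = ~CAP_MASK(CAP_NET_BIND_SERVICE);
    return c;
}

int main(void)
{
    struct exec_caps c = sample_case();
    printf("file-only mask, outside X: %#x\n",
           outside_bset(permitted_bset_on_file_only(&c), c.bset));
    printf("overall mask,   outside X: %#x\n",
           outside_bset(permitted_bset_overall(&c), c.bset));
    return 0;
}
```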






This archive was generated by hypermail 2b29 : Thu Jun 15 2000 - 21:00:21 EST