fsuid0 caps

From: M.L.PrasannaK.R. (mlpkr@yahoo.com)
Date: Wed Sep 04 2002 - 16:11:18 EST

Next message: Luben Tuikov: "Re: aic7xxx sets CDR offline, how to reset?"
Previous message: Matt Porter: "Re: consequences of lowering "MAX_LOW_MEM"?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In reply to
ttp://www.uwsg.iu.edu/hypermail/linux/kernel/0204.3/0380.html

This is documentation error. There is also a break in default
semantics of uid0 that needs to be fixed.
It is not a security hole as it results in the reduced capabilities
rather than in the increased capabilities.

setresuid(x,x,-1) clears effective caps.
setfsuid(0) rstores CAP_FS_MASK effective caps.
setresuid(-1,-1,x) clears both effective and permitted caps.
Both fs and non fs caps are lost.

This results in uid0 with no capabilties and no way of
restoring them. If this is valid issue, something like
the following patch fixes it.

Thanks,
MLPKR.

__________________________________________________
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes
http://finance.yahoo.com

application/x-unknown attachment: fsuid_caps.patch

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Luben Tuikov: "Re: aic7xxx sets CDR offline, how to reset?"
Previous message: Matt Porter: "Re: consequences of lowering "MAX_LOW_MEM"?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sat Sep 07 2002 - 22:00:23 EST