Re: compute_creds fixup in -mm

From: Stephen Smalley
Date: Wed Apr 21 2004 - 13:44:46 EST

On Wed, 2004-04-21 at 14:28, Chris Wright wrote:
> * Stephen Smalley (sds@xxxxxxxxxxxxxx) wrote:
> > I didn't see Chris' patch. I assume that the worst case is unexpected
> > program failure due to lack of capability, right? The SELinux security
> The opposite. You'd get a program with non-root euid, but full
> capability set, and AT_SECURE set false. My patch is below.

Sorry, I wasn't clear. I meant the worst case due to the share/ptrace
state check being duplicated in SELinux and in commoncap, as opposed to
being performed once as in Andy's patch.

Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at