Re: compute_creds fixup in -mm

From: Chris Wright
Date: Wed Apr 21 2004 - 13:59:57 EST

* Stephen Smalley (sds@xxxxxxxxxxxxxx) wrote:
> On Wed, 2004-04-21 at 14:28, Chris Wright wrote:
> > * Stephen Smalley (sds@xxxxxxxxxxxxxx) wrote:
> > > I didn't see Chris' patch. I assume that the worst case is unexpected
> > > program failure due to lack of capability, right? The SELinux security
> >
> > The opposite. You'd get a program with non-root euid, but full
> > capability set, and AT_SECURE set false. My patch is below.
> Sorry, I wasn't clear. I meant the worst case due to the share/ptrace
> state check being duplicated in SELinux and in commoncap, as opposed to
> being performed once as in Andy's patch.

Ah, indeed.

Linux Security Modules
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at