[PATCH] capabilities: reset current->pdeath_signal when increasing capabilities

From: Serge E . Hallyn
Date: Tue Aug 28 2007 - 14:32:35 EST


If running a program which has file capabilities which are not a subset
of the capabilities of the current task, reset pdeath_signal = 0 to
prevent the task parent from (deliberately) signaling a more privileged
app.

Signed-off-by: Serge E. Hallyn <serue@xxxxxxxxxx>
---
security/commoncap.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/security/commoncap.c b/security/commoncap.c
index d65ddd3..43f9027 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -315,6 +315,7 @@ void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
if (bprm->e_uid != current->uid || bprm->e_gid != current->gid ||
!cap_issubset (new_permitted, current->cap_permitted)) {
set_dumpable(current->mm, suid_dumpable);
+ current->pdeath_signal = 0;

if (unsafe & ~LSM_UNSAFE_PTRACE_CAP) {
if (!capable(CAP_SETUID)) {
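
Review bot: the added "current->pdeath_signal = 0;" carries no comment, and the condition guarding it is wider than the changelog says. The branch is also taken when bprm->e_uid != current->uid or bprm->e_gid != current->gid, so the reset applies to a uid/gid-changing exec as well as to the file-capabilities case where new_permitted is not a subset of current->cap_permitted. Please add a one-line comment above the assignment stating why the parent-death signal is cleared when credentials are raised, and mention the uid/gid case in the changelog. The assignment also sits before the "unsafe & ~LSM_UNSAFE_PTRACE_CAP" check, so the signal is cleared whatever that check goes on to do. If that is intended, the comment should say so.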
--
1.5.1.1.GIT
