Re: [PATCH 1/4] security: filesystem capabilities bugfix1

From: Andrew Morton
Date: Tue Jul 01 2008 - 18:13:30 EST

Next message: Russell King - ARM Linux: "Re: RFC: Add mtdset= to Documentation/kernel-parameters"
Previous message: Randy.Dunlap: "Re: [PATCH] Add btgpio driver"
In reply to: Andrew Morton: "Re: [PATCH 1/4] security: filesystem capabilities bugfix1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'll assume that patches 1 and 2 are needed in 2.6.26 and that
patches 3 and 4 are for 2.6.27.

Patches 1 and/or 2 caused a reject in
security-protect-legacy-applications-from-executing-with-insufficient-privilege.patch:

***************
*** 350,357 ****
bprm->e_gid = current->gid;
}
if (!capable (CAP_SETPCAP)) {
- new_permitted = cap_intersect (new_permitted,
- current->cap_permitted);
}
}
}
--- 364,372 ----
bprm->e_gid = current->gid;
}
if (!capable (CAP_SETPCAP)) {
+ bprm->cap_post_exec_permitted = cap_intersect(
+ bprm->cap_post_exec_permitted,
+ current->cap_permitted);
}
}
}

which looked simple to fix. I'll resend the resulting diff - please
check.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Russell King - ARM Linux: "Re: RFC: Add mtdset= to Documentation/kernel-parameters"
Previous message: Randy.Dunlap: "Re: [PATCH] Add btgpio driver"
In reply to: Andrew Morton: "Re: [PATCH 1/4] security: filesystem capabilities bugfix1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]