Re: [PATCH] security/commoncap: don't assume "setid" if all ids are identical

From: Max Kellermann
Date: Fri May 09 2025 - 02:15:56 EST

Next message: Jyothi Kumar Seerapu: "Re: [PATCH v6 2/2] i2c: i2c-qcom-geni: Add Block event interrupt support"
Previous message: Jiri Pirko: "Re: [PATCH net-next v3 2/3] dpll: add phase_offset_monitor_get/set callback ops"
In reply to: sergeh: "Re: [PATCH] security/commoncap: don't assume "setid" if all ids are identical"
Next in thread: Eric W. Biederman: "Re: [PATCH] security/commoncap: don't assume "setid" if all ids are identical"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, May 9, 2025 at 12:12 AM <sergeh@xxxxxxxxxx> wrote:
> ABI stability is about the most important thing to Linus, so yes, if
> documentation and code disagree, then we should fix the documentation,
> except in the case where the current behavior just really is wrong
> or insecure.

It is insecure indeed (can be abused for LD_PRELOAD
attacks):https://lore.kernel.org/lkml/CAKPOu+8+1uVrDJHwmHJd2d46-N6AwjR4_bbtoSJS+sx6J=rkjg@xxxxxxxxxxxxxx/

Next message: Jyothi Kumar Seerapu: "Re: [PATCH v6 2/2] i2c: i2c-qcom-geni: Add Block event interrupt support"
Previous message: Jiri Pirko: "Re: [PATCH net-next v3 2/3] dpll: add phase_offset_monitor_get/set callback ops"
In reply to: sergeh: "Re: [PATCH] security/commoncap: don't assume "setid" if all ids are identical"
Next in thread: Eric W. Biederman: "Re: [PATCH] security/commoncap: don't assume "setid" if all ids are identical"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]