Re: PATCH: signals security

Alexander Kjeldaas (astor@guardian.no)
Fri, 22 May 1998 00:00:13 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Kurt Garloff: "Re: NE2000 PCI problems FIXED!"
Previous message: =?ISO-8859-1?Q?Andr=E9?= Derrick Balsa: "Re: Cyrix 6x86MX and Centaur C6 CPUs in 2.1.102"

--7JfCtLOvnd9MIVvH
Content-Type: text/plain; charset=us-ascii

On Thu, May 21, 1998 at 07:49:37PM +0200, Rik van Riel wrote:
>
> This would indeed be the 'perfect' solution.

Attached is a patch implementing a cap_used set.

astor

-- 
 Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway
 http://www.guardian.no/

--7JfCtLOvnd9MIVvH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="cap-used.diff"

diff -urN linux/fs/proc/array.c l/fs/proc/array.c
--- linux/fs/proc/array.c	Wed May  6 20:01:45 1998
+++ l/fs/proc/array.c	Thu May 21 23:36:13 1998
@@ -768,10 +768,12 @@
 {
     return buffer + sprintf(buffer, "CapInh:\t%016x\n"
 			    "CapPrm:\t%016x\n"
-			    "CapEff:\t%016x\n",
+			    "CapEff:\t%016x\n"
+			    "CapUsd:\t%016x\n",
 			    p->cap_inheritable.cap,
 			    p->cap_permitted.cap,
-			    p->cap_effective.cap);
+			    p->cap_effective.cap,
+			    p->cap_used.cap);
 }
 
 
diff -urN linux/include/linux/sched.h l/include/linux/sched.h
--- linux/include/linux/sched.h	Thu May 21 23:20:19 1998
+++ l/include/linux/sched.h	Thu May 21 23:40:45 1998
@@ -261,7 +261,7 @@
 	gid_t gid,egid,sgid,fsgid;
 	int ngroups;
 	gid_t	groups[NGROUPS];
-        kernel_cap_t   cap_effective, cap_inheritable, cap_permitted;
+        kernel_cap_t   cap_effective, cap_inheritable, cap_permitted, cap_used;
 /* limits */
 	struct rlimit rlim[RLIM_NLIMITS];
 	unsigned short used_math;
@@ -354,7 +354,7 @@
 /* process credentials */					\
 /* uid etc */	0,0,0,0,0,0,0,0,				\
 /* suppl grps*/ 0, {0,},					\
-/* caps */      CAP_INIT_EFF_SET,CAP_INIT_INH_SET,CAP_FULL_SET, \
+/* caps */      CAP_INIT_EFF_SET,CAP_INIT_INH_SET,CAP_FULL_SET,CAP_EMPTY_SET, \
 /* rlimits */   INIT_RLIMITS, \
 /* math */	0, \
 /* comm */	"swapper", \
@@ -572,6 +572,7 @@
 #endif
         {
 		current->flags |= PF_SUPERPRIV;
+		current->cap_used.cap |= CAP_TO_MASK(cap);
 		return 1;
 	}
 	return 0;
diff -urN linux/kernel/fork.c l/kernel/fork.c
--- linux/kernel/fork.c	Wed May  6 23:42:54 1998
+++ l/kernel/fork.c	Thu May 21 23:27:53 1998
@@ -506,6 +506,7 @@
 	p->tty_old_pgrp = 0;
 	p->times.tms_utime = p->times.tms_stime = 0;
 	p->times.tms_cutime = p->times.tms_cstime = 0;
+	cap_clear(p->cap_used);
 #ifdef __SMP__
 	{
 		int i;

--7JfCtLOvnd9MIVvH--

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu

Next message: Kurt Garloff: "Re: NE2000 PCI problems FIXED!"
Previous message: =?ISO-8859-1?Q?Andr=E9?= Derrick Balsa: "Re: Cyrix 6x86MX and Centaur C6 CPUs in 2.1.102"