Re: Bug in 2.2.3

Topi Miettinen (Topi.Miettinen@medialab.sonera.fi)
Wed, 17 Mar 1999 21:43:20 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Frode Vatvedt Fjeld: "V4L bttv buglet"
Previous message: Nicholas Henke: "ac2 compile error"
Maybe in reply to: Nuno Loureiro: "Bug in 2.2.3"

Alan Cox writes:
> > Tonight, I found that doing a kill -9 -1 as a normal user kills roo
>t
> > processes in 2.2.3ac1.
> > I talked with other person and he had the same results with 2.2.3
> > plain.
>
> I think your tester screwed up. 2.2.3ac1 does indeed have that problem - its
> test code you get test code sized bugs 8). 2.2.3ac2 doesn;t have the problem
> 2.2.3 vanilla doesn't appear to have the problem either. It certainly doesn't
> contain the erroneous capability check I was playing with

The problem is missing '!' in the capapability check line (same as with
arch/*/ptrace.c). cap_issubset(t->cap_permitted, current->cap_permitted)
returns 1 if current's capabilities are greater or equal to t's
capabilities.

ac1, kernel/signal.c:

&& (current->uid ^ t->suid) && (current->uid ^ t->uid)
&& (cap_issubset(t->cap_permitted, current->cap_permitted))
&& !capable(CAP_SYS_ADMIN))

Simple fix would look like:
&& !(cap_issubset(t->cap_permitted, current->cap_permitted))

I'd like to hear comments about whether CAP_SYS_PTRACE should override the
capability comparison in arch/*/ptrace.c (in the above case it seems
justified). Of course, that capability shouldn't be needed in a production
system :).

-Topi

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Frode Vatvedt Fjeld: "V4L bttv buglet"
Previous message: Nicholas Henke: "ac2 compile error"
Maybe in reply to: Nuno Loureiro: "Bug in 2.2.3"