Re: [PATCH 1/4] security: filesystem capabilities bugfix1

Date: Tue, 1 Jul 2008 15:04:06 -0700
From: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [PATCH 1/4] security: filesystem capabilities bugfix1

I'll assume that patches 1 and 2 are needed in 2.6.26 and that
patches 3 and 4 are for 2.6.27.

Patches 1 and/or 2 caused a reject in
security-protect-legacy-applications-from-executing-with-insufficient-privilege.patch:

***************
*** 350,357 ****
  				bprm->e_gid = current->gid;
  			}
  			if (!capable (CAP_SETPCAP)) {
- 				new_permitted = cap_intersect (new_permitted,
- 							current->cap_permitted);
  			}
  		}
  	}
--- 364,372 ----
  				bprm->e_gid = current->gid;
  			}
  			if (!capable (CAP_SETPCAP)) {
+ 				bprm->cap_post_exec_permitted = cap_intersect(
+ 					bprm->cap_post_exec_permitted,
+ 					current->cap_permitted);
  			}
  		}
  	}

which looked simple to fix.  I'll resend the resulting diff - please
check.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

References:
- [PATCH 1/4] security: filesystem capabilities bugfix1
  - From: Andrew G. Morgan

Prev by Date: Re: [PATCH] Add btgpio driver
Next by Date: Re: RFC: Add mtdset= to Documentation/kernel-parameters
Previous by thread: Re: [PATCH 1/4] security: filesystem capabilities bugfix1
Next by thread: [PATCH 2/4] security: filesystem capabilities bugfix2
Index(es):
- Date
- Thread

lists-archives.org

Re: [PATCH 1/4] security: filesystem capabilities bugfix1