| commit | 2357687b12789a96bbfeea2079d4d8aaf9598add | |
| author | Serge E. Hallyn <serue@us.ibm.com> | |
| Thu, 1 Nov 2007 19:29:22 +0000 (1 19:29 +0000) | ||
| committer | Matthias Urlichs <smurf@hera.kernel.org> | |
| Wed, 14 Nov 2007 11:27:12 +0000 (14 11:27 +0000) | ||
| tree | 5f13c25261aacdf0684a29d4f006480300b6cb3b | treesnapshot (tar.gz zip) |
| parent | 6ddb066a9e698c125fa462b10b144e2f8588531f | commitdiff |
file-capabilities-allow-sigcont-within-session-v2-file-capabilities-remove-the-non-matching-uid-special-case-for-kill
There I went again having one patch do two (related) things.
Remove the special check I had added to cap_task_kill() for
non-matching uids. In fact it turns out the check wouldn't be
safe even if I'd coded it correctly. A binary can be setuid
and owned by a non-root user user1, have file capabilities, and
be executed by user2.
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Cc: Andrew Morgan <morgan@kernel.org>
Cc: Stephen Smalley <sds@epoch.ncsc.mil>
Cc: Chris Wright <chrisw@sous-sol.org>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
There I went again having one patch do two (related) things.
Remove the special check I had added to cap_task_kill() for
non-matching uids. In fact it turns out the check wouldn't be
safe even if I'd coded it correctly. A binary can be setuid
and owned by a non-root user user1, have file capabilities, and
be executed by user2.
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Cc: Andrew Morgan <morgan@kernel.org>
Cc: Stephen Smalley <sds@epoch.ncsc.mil>
Cc: Chris Wright <chrisw@sous-sol.org>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
| security/commoncap.c | diffblobblamehistory |