This patch is applies cleanly against the new printk() patch. It
allows setuid and setgid on a process if the user is already root.
This allows non-root users to log in.
Signed off by: Michael Halcrow <[email protected]>
Index: linux-2.6.12-rc4-mm2-seclvl/security/seclvl.c
===================================================================
--- linux-2.6.12-rc4-mm2-seclvl.orig/security/seclvl.c 2005-05-20 09:09:07.000000000 -0500
+++ linux-2.6.12-rc4-mm2-seclvl/security/seclvl.c 2005-05-20 09:09:13.000000000 -0500
@@ -447,12 +447,12 @@
"network administrative task while "
"in secure level [%d] denied\n", seclvl);
return -EPERM;
- } else if (cap == CAP_SETUID) {
+ } else if (cap == CAP_SETUID && current->uid != 0) {
seclvl_printk(1, KERN_WARNING, "Attempt to setuid "
"while in secure level [%d] denied\n",
seclvl);
return -EPERM;
- } else if (cap == CAP_SETGID) {
+ } else if (cap == CAP_SETGID && current->uid != 0) {
seclvl_printk(1, KERN_WARNING, "Attempt to setgid "
"while in secure level [%d] denied\n",
seclvl);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]