Hi,
I was working with passing capabilities through an exec and it
didn't do what I expected it to. That is, if I set a bit in
the inherited capabilities, it is not "inherited" after an
exec(). After going through the code many times, and still not
understanding it, I hacked together this patch. It probably
has unforeseen side effects and there was probably some
reason it was not done in the first place.
Thanks for the kernel, I have a newfound appreciation for it.
Manfred
Patch against 2.6.12-rc6:
Signed-off-by: Manfred Georg <[email protected]>
diff -uprN -X dontdiff linux-2.6.12-rc6/security/commoncap.c linux/security/commoncap.c
--- linux-2.6.12-rc6/security/commoncap.c 2005-03-02 01:38:07.000000000 -0600
+++ linux/security/commoncap.c 2005-06-08 14:02:21.000000000 -0500
@@ -113,10 +113,11 @@ int cap_bprm_set_security (struct linux_
{
/* Copied from fs/exec.c:prepare_binprm. */
- /* We don't have VFS support for capabilities yet */
- cap_clear (bprm->cap_inheritable);
- cap_clear (bprm->cap_permitted);
- cap_clear (bprm->cap_effective);
+ bprm->cap_inheritable = current->cap_inheritable;
+ bprm->cap_permitted = cap_intersect(current->cap_inheritable,
+ current->cap_permitted);
+ bprm->cap_effective = cap_intersect(bprm->cap_permitted,
+ current->cap_effective);
/* To support inheritance of root-permissions and suid-root
* executables under compatibility mode, we raise all three
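Review bot: the three added assignments fill bprm->cap_inheritable, bprm->cap_permitted and bprm->cap_effective from current for every exec, with no condition on the file being executed, so any program the task runs keeps whatever lies in the intersection of the task's inheritable and permitted sets. The removed comment ("We don't have VFS support for capabilities yet") suggests these fields were meant to be filled per file, so this needs either a per-binary check or a stated argument for why unconditional inheritance is safe. Seeding bprm->cap_effective from current->cap_effective also means a program not written with capabilities in mind starts with them already effective; consider leaving the effective set cleared. The hunk drops the only comment explaining the block without adding one for the new behaviour, and the context comment that follows ("we raise all three") now applies to sets that are no longer empty; please document the intended rule and how it interacts with the compatibility-mode code below.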