Quoting Casey Schaufler ([email protected]):
>
>
> --- "Serge E. Hallyn" <[email protected]> wrote:
>
>
> > +
> > + bprm->cap_effective = fscaps[0];
> > + bprm->cap_inheritable = fscaps[1];
> > + bprm->cap_permitted = fscaps[2];
> > +
>
> It does not appear that you're attempting
> to maintain the POSIX exec semantics for
> capability sets. (If you're doing it
> elsewhere in the code, nevermind) I don't
> know if this is intentional or not.
It should be getting done correctly at bprm_apply_creds.
The code you quote here is just setting it on the
binprm, which represents the executable itself (and as
pointed out in the comment above it).
Now the cap_bprm_secureexec() function needs to be
updated as I believe I pointed out in the original
submission. But if anything else is not getting done
right please correct me.
> I will have a closer look, but just for
> grins, I've attached code from the SGI
> OB1 offering of some years back that
> includes a function, cap_recalc, that
> implements the correct behavior. I will
> also take a stab at working it in, but
Excellent, thanks.
> I expect someone will beat me to it.
-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
