summaryrefslogtreecommitdiffstats
path: root/arch
diff options
context:
space:
mode:
authorAndrew G. Morgan <morgan@kernel.org>2008-01-21 17:18:30 -0800
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2008-01-21 19:39:41 -0800
commita6dbb1ef2fc8d73578eacd02ac701f4233175c9f (patch)
treeeb2efa0193cdc7ab6b1f30068571194d0dabf230 /arch
parenta10336043b8193ec603ad54bb79cdcd26bbf94b3 (diff)
downloadop-kernel-dev-a6dbb1ef2fc8d73578eacd02ac701f4233175c9f.zip
op-kernel-dev-a6dbb1ef2fc8d73578eacd02ac701f4233175c9f.tar.gz
Fix filesystem capability support
In linux-2.6.24-rc1, security/commoncap.c:cap_inh_is_capped() was introduced. It has the exact reverse of its intended behavior. This led to an unintended privilege esculation involving a process' inheritable capability set. To be exposed to this bug, you need to have Filesystem Capabilities enabled and in use. That is: - CONFIG_SECURITY_FILE_CAPABILITIES must be defined for the buggy code to be compiled in. - You also need to have files on your system marked with fI bits raised. Signed-off-by: Andrew G. Morgan <morgan@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@akpm@linux-foundation.org>
Diffstat (limited to 'arch')
0 files changed, 0 insertions, 0 deletions
OpenPOWER on IntegriCloud