summaryrefslogtreecommitdiffstats
path: root/include/net/ip.h
diff options
context:
space:
mode:
authorZhi Li <lizhi1215@gmail.com>2011-08-11 13:27:50 +0800
committerJames Morris <jmorris@namei.org>2011-08-12 15:06:57 +1000
commit4d49f6710bfbd2271feab074f8c1053387e5d9fe (patch)
tree87a508aa2a51d2d855c3b67961a711bd636d842c /include/net/ip.h
parentf995e74087402c482c55c29bf11da8bcf631245a (diff)
downloadop-kernel-dev-4d49f6710bfbd2271feab074f8c1053387e5d9fe.zip
op-kernel-dev-4d49f6710bfbd2271feab074f8c1053387e5d9fe.tar.gz
capabilities: do not grant full privs for setuid w/ file caps + no effective caps
A task (when !SECURE_NOROOT) which executes a setuid-root binary will obtain root privileges while executing that binary. If the binary also has effective capabilities set, then only those capabilities will be granted. The rationale is that the same binary can carry both setuid-root and the minimal file capability set, so that on a filesystem not supporting file caps the binary can still be executed with privilege, while on a filesystem supporting file caps it will run with minimal privilege. This special case currently does NOT happen if there are file capabilities but no effective capabilities. Since capability-aware programs can very well start with empty pE but populated pP and move those caps to pE when needed. In other words, if the file has file capabilities but NOT effective capabilities, then we should do the same thing as if there were file capabilities, and not grant full root privileges. This patchset does that. (Changelog by Serge Hallyn). Signed-off-by: Zhi Li <lizhi1215@gmail.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/net/ip.h')
0 files changed, 0 insertions, 0 deletions
OpenPOWER on IntegriCloud