Diffstat (limited to 'security/commoncap.c')
-rw-r--r-- | security/commoncap.c | 5 |
1 files changed, 3 insertions, 2 deletions
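--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -548,9 +548,10 @@ skip:
 
 if ((is_setid ||
 !cap_issubset(new->cap_permitted, old->cap_permitted)) &&
-bprm->unsafe & ~LSM_UNSAFE_PTRACE_CAP) {
+((bprm->unsafe & ~LSM_UNSAFE_PTRACE) ||
+!ptracer_capable(current, new->user_ns))) {
 /* downgrade; they get no more than they had, and maybe less */
-if (!capable(CAP_SETUID) ||
+if (!ns_capable(new->user_ns, CAP_SETUID) ||
 (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)) {
 new->euid = new->uid;
 new->egid = new->gid;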
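Review bot: The second operand added at new lines 551-552 calls `ptracer_capable(current, new->user_ns)` whether or not `LSM_UNSAFE_PTRACE` is set in `bprm->unsafe`, so for an untraced setid exec the downgrade decision now depends on that helper returning true when no tracer is attached. Its body is not visible in this hunk, so that behaviour should be confirmed and written down where it is relied on. The existing comment describes only the downgrade, not why the tracer's capability is checked against the new credentials' user namespace. I would add above the condition something like `/* a tracer lacking CAP_SYS_PTRACE in new->user_ns must not observe a privilege gain; no tracer adds no restriction */`. The enclosing function begins and ends outside this hunk.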