aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorAndrew G. Morgan <morgan@kernel.org>2008-07-04 12:59:58 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2008-07-04 13:40:08 -0400
commit086f7316f0d400806d76323beefae996bb3849b1 (patch)
tree679405a89b7f8c7a75d3896e43c837b5a5115d7b /kernel
parentabbaeff38c00cb7f6817ec1cef406b27081ebedd (diff)
security: filesystem capabilities: fix fragile setuid fixup code
This commit includes a bugfix for the fragile setuid fixup code in the case that filesystem capabilities are supported (in access()). The effect of this fix is gated on filesystem capability support because changing securebits is only supported when filesystem capabilities support is configured.) [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Andrew G. Morgan <morgan@kernel.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/capability.c21
1 files changed, 21 insertions, 0 deletions
diff --git a/kernel/capability.c b/kernel/capability.c
index cfbe44299488..901e0fdc3fff 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -121,6 +121,27 @@ static int cap_validate_magic(cap_user_header_t header, unsigned *tocopy)
121 * uninteresting and/or not to be changed. 121 * uninteresting and/or not to be changed.
122 */ 122 */
123 123
124/*
125 * Atomically modify the effective capabilities returning the original
126 * value. No permission check is performed here - it is assumed that the
127 * caller is permitted to set the desired effective capabilities.
128 */
129kernel_cap_t cap_set_effective(const kernel_cap_t pE_new)
130{
131 kernel_cap_t pE_old;
132
133 spin_lock(&task_capability_lock);
134
135 pE_old = current->cap_effective;
136 current->cap_effective = pE_new;
137
138 spin_unlock(&task_capability_lock);
139
140 return pE_old;
141}
142
143EXPORT_SYMBOL(cap_set_effective);
144
124/** 145/**
125 * sys_capget - get the capabilities of a given process. 146 * sys_capget - get the capabilities of a given process.
126 * @header: pointer to struct that contains capability version and 147 * @header: pointer to struct that contains capability version and