diff options
| author | Andrew G. Morgan <morgan@kernel.org> | 2008-07-04 12:59:59 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-04 13:40:08 -0400 |
| commit | 1209726ce942047c9fefe7cd427dc36f8e9ded53 (patch) | |
| tree | 298e78052d6bdd92c78b22c86604f8c8364bc8d9 /security/commoncap.c | |
| parent | 086f7316f0d400806d76323beefae996bb3849b1 (diff) | |
security: filesystem capabilities: fix CAP_SETPCAP handling
The filesystem capability support meaning for CAP_SETPCAP is less powerful
than the non-filesystem capability support. As such, when filesystem
capabilities are configured, we should not permit CAP_SETPCAP to 'enhance'
the current process through strace manipulation of a child process.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/commoncap.c')
| -rw-r--r-- | security/commoncap.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index 5edabc7542ae..33d343308413 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
| @@ -103,10 +103,16 @@ static inline int cap_inh_is_capped(void) | |||
| 103 | return (cap_capable(current, CAP_SETPCAP) != 0); | 103 | return (cap_capable(current, CAP_SETPCAP) != 0); |
| 104 | } | 104 | } |
| 105 | 105 | ||
| 106 | static inline int cap_limit_ptraced_target(void) { return 1; } | ||
| 107 | |||
| 106 | #else /* ie., ndef CONFIG_SECURITY_FILE_CAPABILITIES */ | 108 | #else /* ie., ndef CONFIG_SECURITY_FILE_CAPABILITIES */ |
| 107 | 109 | ||
| 108 | static inline int cap_block_setpcap(struct task_struct *t) { return 0; } | 110 | static inline int cap_block_setpcap(struct task_struct *t) { return 0; } |
| 109 | static inline int cap_inh_is_capped(void) { return 1; } | 111 | static inline int cap_inh_is_capped(void) { return 1; } |
| 112 | static inline int cap_limit_ptraced_target(void) | ||
| 113 | { | ||
| 114 | return !capable(CAP_SETPCAP); | ||
| 115 | } | ||
| 110 | 116 | ||
| 111 | #endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */ | 117 | #endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */ |
| 112 | 118 | ||
| @@ -342,9 +348,10 @@ void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe) | |||
| 342 | bprm->e_uid = current->uid; | 348 | bprm->e_uid = current->uid; |
| 343 | bprm->e_gid = current->gid; | 349 | bprm->e_gid = current->gid; |
| 344 | } | 350 | } |
| 345 | if (!capable (CAP_SETPCAP)) { | 351 | if (cap_limit_ptraced_target()) { |
| 346 | new_permitted = cap_intersect (new_permitted, | 352 | new_permitted = |
| 347 | current->cap_permitted); | 353 | cap_intersect(new_permitted, |
| 354 | current->cap_permitted); | ||
| 348 | } | 355 | } |
| 349 | } | 356 | } |
| 350 | } | 357 | } |