From mboxrd@z Thu Jan 1 00:00:00 1970
From: Lukasz Pawelczyk
Subject: Re: [PATCH v2 1/2] capabilities: Ambient capabilities
Date: Fri, 15 May 2015 13:32:03 +0200
Message-ID: <1431689523.1769.1.camel@samsung.com>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Return-path:
In-reply-to:
Sender: linux-security-module-owner@vger.kernel.org
To: Andy Lutomirski
Cc: Serge Hallyn, Andrew Morton, Jarkko Sakkinen, Ted Ts'o, "Andrew G. Morgan", Linux API, Mimi Zohar, Michael Kerrisk, Austin S Hemmelgarn, linux-security-module, Aaron Jones, Serge Hallyn, LKML, Markku Savela, Kees Cook, Jonathan Corbet, Christoph Lameter, Andy Lutomirski
List-Id: linux-api@vger.kernel.org

On Thu, 2015-05-14 at 23:39 -0700, Andy Lutomirski wrote:
> @@ -696,10 +729,18 @@ static inline void cap_emulate_setxuid(struct cred *new, const struct cred *old)
> uid_eq(old->suid, root_uid)) &&
> (!uid_eq(new->uid, root_uid) &&
> !uid_eq(new->euid, root_uid) &&
> - !uid_eq(new->suid, root_uid)) &&
> - !issecure(SECURE_KEEP_CAPS)) {
> - cap_clear(new->cap_permitted);
> - cap_clear(new->cap_effective);
> + !uid_eq(new->suid, root_uid))) {
> + if (!issecure(SECURE_KEEP_CAPS)) {
> + cap_clear(new->cap_permitted);
> + cap_clear(new->cap_effective);
> + }
> +
> + /*
> + * Pre-ambient programs except setresuid to nonroot followed

I think you meant "expect". This typo changes the meaning of the sentence.

> + * by exec to drop capabilities. We should make sure that
> + * this remains the case.
> + */
> + cap_clear(new->cap_ambient);
> }

-- 
Lukasz Pawelczyk
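Review bot: the new comment block should say explicitly that cap_ambient is cleared even when SECURE_KEEP_CAPS is set, because the hunk moves the issecure(SECURE_KEEP_CAPS) test from the outer condition into an inner if that only guards cap_permitted and cap_effective, while the new cap_clear(new->cap_ambient) sits outside that inner if and runs on every root-to-nonroot transition of uid/euid/suid. A reader comparing the old "&& !issecure(SECURE_KEEP_CAPS)" form with the new one may assume keep-caps still bypasses the whole block; a sentence such as "SECURE_KEEP_CAPS preserves permitted/effective but never the ambient set" next to the existing "We should make sure that this remains the case" would remove the ambiguity. The same comment also needs "except" corrected to "expect", as already noted above, since the sentence otherwise states the opposite of the intended invariant.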