From: David Howells <dhowells@redhat.com>
To: unlisted-recipients:; (no To-header on input)
Cc: dhowells@redhat.com, "Andrew G. Morgan" <morgan@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
"Serge E. Hallyn" <serue@us.ibm.com>,
lkml <linux-kernel@vger.kernel.org>,
Linux Security Modules List
<linux-security-module@vger.kernel.org>
Subject: Re: [PATCH 1/4] security: filesystem capabilities bugfix1
Date: Mon, 30 Jun 2008 14:30:35 +0100 [thread overview]
Message-ID: <18390.1214832635@redhat.com> (raw)
In-Reply-To: <29651.1214831711@redhat.com>
David Howells <dhowells@redhat.com> wrote:
> > +kernel_cap_t cap_set_effective(const kernel_cap_t pE_new)
>
> Hmmm... kernel_cap_t is a structure that might not fit into a single register.
> It occurs to me that you might be better off returing the old caps through a
> pointer argument.
Apply something like the attached, perhaps? (Note the attached patch is
missing the change from linux/capability.h because my version is not
compatible with your submitted patch).
David
diff --git a/fs/open.c b/fs/open.c
index 3b53948..24b4a11 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -451,9 +451,9 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
*/
#endif /* ndef CONFIG_SECURITY_FILE_CAPABILITIES */
if (current->uid)
- old_cap = cap_set_effective(__cap_empty_set);
+ cap_set_effective(&__cap_empty_set, &old_cap);
else
- old_cap = cap_set_effective(current->cap_permitted);
+ cap_set_effective(¤t->cap_permitted, &old_cap);
}
res = __user_walk_fd(dfd, filename, LOOKUP_FOLLOW|LOOKUP_ACCESS, &nd);
@@ -484,9 +484,8 @@ out:
current->fsuid = old_fsuid;
current->fsgid = old_fsgid;
- if (!issecure(SECURE_NO_SETUID_FIXUP)) {
- (void) cap_set_effective(old_cap);
- }
+ if (!issecure(SECURE_NO_SETUID_FIXUP))
+ cap_set_effective(&old_cap, NULL);
return res;
}
diff --git a/kernel/capability.c b/kernel/capability.c
index c3bf957..13c496a 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -126,18 +126,16 @@ static int cap_validate_magic(cap_user_header_t header, unsigned *tocopy)
* value. No permission check is performed here - it is assumed that the
* caller is permitted to set the desired effective capabilities.
*/
-kernel_cap_t cap_set_effective(const kernel_cap_t pE_new)
+void cap_set_effective(const kernel_cap_t *pE_new,
+ kernel_cap_t *_pE_old)
{
- kernel_cap_t pE_old;
-
spin_lock(&task_capability_lock);
- pE_old = current->cap_effective;
- current->cap_effective = pE_new;
+ if (_pE_old)
+ *_pE_old = current->cap_effective;
+ current->cap_effective = *pE_new;
spin_unlock(&task_capability_lock);
-
- return pE_old;
}
EXPORT_SYMBOL(cap_set_effective);
next prev parent reply other threads:[~2008-06-30 13:31 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-06-26 8:47 [PATCH 1/4] security: filesystem capabilities bugfix1 Andrew G. Morgan
2008-06-27 20:52 ` Serge E. Hallyn
2008-06-30 13:15 ` David Howells
2008-06-30 13:30 ` David Howells [this message]
2008-07-01 21:49 ` Andrew Morton
2008-07-01 22:04 ` Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=18390.1214832635@redhat.com \
--to=dhowells@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=morgan@kernel.org \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.