From: Steve Grubb <sgrubb@redhat.com>
To: "Andrew G. Morgan" <morgan@kernel.org>
Cc: "Serge E. Hallyn" <serue@us.ibm.com>,
lkml <linux-kernel@vger.kernel.org>,
linux-security-module@vger.kernel.org,
Kees Cook <kees.cook@canonical.com>,
Andreas Gruenbacher <agruen@suse.de>,
Michael Kerrisk <mtk.manpages@gmail.com>,
George Wilson <gcwilson@us.ibm.com>,
KaiGai Kohei <kaigai@kaigai.gr.jp>
Subject: Re: drop SECURITY_FILE_CAPABILITIES?
Date: Thu, 19 Nov 2009 15:26:15 -0500 [thread overview]
Message-ID: <200911191526.15345.sgrubb@redhat.com> (raw)
In-Reply-To: <551280e50911190735u210e2c60xc944c333b122d22d@mail.gmail.com>
On Thursday 19 November 2009 10:35:12 am Andrew G. Morgan wrote:
> How about this change?
>
> @@ -169,8 +169,11 @@ SYSCALL_DEFINE2(capget, cap_user_header_
> kernel_cap_t pE, pI, pP;
>
> ret = cap_validate_magic(header, &tocopy);
> - if (ret != 0)
> + if ((ret != 0) || (dataptr == NULL)) {
> + if ((ret == -EINVAL) && (dataptr == NULL))
> + return 0;
> return ret;
> + }
>
> if (get_user(pid, &header->pid))
> return -EFAULT;
>
> ? This is a slightly modified version of what you posted before.
> Specifically, in the case that the user guessed a compatible version
> this NULL call will succeed and not EFAULT.
Sure. Looks good to me.
Thanks,
-Steve
next prev parent reply other threads:[~2009-11-19 20:27 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-10 14:07 drop SECURITY_FILE_CAPABILITIES? Serge E. Hallyn
2009-11-10 15:28 ` Steve Grubb
2009-11-10 15:53 ` Serge E. Hallyn
2009-11-10 17:51 ` Steve Grubb
2009-11-11 0:19 ` Serge E. Hallyn
2009-11-18 16:40 ` Andrew G. Morgan
2009-11-18 17:49 ` Steve Grubb
2009-11-18 18:36 ` Andrew G. Morgan
2009-11-18 19:33 ` Steve Grubb
2009-11-18 19:39 ` Andrew G. Morgan
2009-11-19 15:35 ` Andrew G. Morgan
2009-11-19 20:26 ` Steve Grubb [this message]
2009-11-10 17:23 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200911191526.15345.sgrubb@redhat.com \
--to=sgrubb@redhat.com \
--cc=agruen@suse.de \
--cc=gcwilson@us.ibm.com \
--cc=kaigai@kaigai.gr.jp \
--cc=kees.cook@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=morgan@kernel.org \
--cc=mtk.manpages@gmail.com \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.