From: David Howells <dhowells@redhat.com>
To: unlisted-recipients:; (no To-header on input)
Cc: dhowells@redhat.com, "Andrew G. Morgan" <morgan@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
"Serge E. Hallyn" <serue@us.ibm.com>,
lkml <linux-kernel@vger.kernel.org>,
Linux Security Modules List
<linux-security-module@vger.kernel.org>
Subject: Re: [PATCH 1/4] security: filesystem capabilities bugfix1
Date: Mon, 30 Jun 2008 14:30:35 +0100 [thread overview]
Message-ID: <18390.1214832635@redhat.com> (raw)
In-Reply-To: <29651.1214831711@redhat.com>
David Howells <dhowells@redhat.com> wrote:
> > +kernel_cap_t cap_set_effective(const kernel_cap_t pE_new)
>
> Hmmm... kernel_cap_t is a structure that might not fit into a single register.
> It occurs to me that you might be better off returing the old caps through a
> pointer argument.
Apply something like the attached, perhaps? (Note the attached patch is
missing the change from linux/capability.h because my version is not
compatible with your submitted patch).
David
diff --git a/fs/open.c b/fs/open.c
index 3b53948..24b4a11 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -451,9 +451,9 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
*/
#endif /* ndef CONFIG_SECURITY_FILE_CAPABILITIES */
if (current->uid)
- old_cap = cap_set_effective(__cap_empty_set);
+ cap_set_effective(&__cap_empty_set, &old_cap);
else
- old_cap = cap_set_effective(current->cap_permitted);
+ cap_set_effective(¤t->cap_permitted, &old_cap);
}
res = __user_walk_fd(dfd, filename, LOOKUP_FOLLOW|LOOKUP_ACCESS, &nd);
@@ -484,9 +484,8 @@ out:
current->fsuid = old_fsuid;
current->fsgid = old_fsgid;
- if (!issecure(SECURE_NO_SETUID_FIXUP)) {
- (void) cap_set_effective(old_cap);
- }
+ if (!issecure(SECURE_NO_SETUID_FIXUP))
+ cap_set_effective(&old_cap, NULL);
return res;
}
diff --git a/kernel/capability.c b/kernel/capability.c
index c3bf957..13c496a 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -126,18 +126,16 @@ static int cap_validate_magic(cap_user_header_t header, unsigned *tocopy)
* value. No permission check is performed here - it is assumed that the
* caller is permitted to set the desired effective capabilities.
*/
-kernel_cap_t cap_set_effective(const kernel_cap_t pE_new)
+void cap_set_effective(const kernel_cap_t *pE_new,
+ kernel_cap_t *_pE_old)
{
- kernel_cap_t pE_old;
-
spin_lock(&task_capability_lock);
- pE_old = current->cap_effective;
- current->cap_effective = pE_new;
+ if (_pE_old)
+ *_pE_old = current->cap_effective;
+ current->cap_effective = *pE_new;
spin_unlock(&task_capability_lock);
-
- return pE_old;
}
EXPORT_SYMBOL(cap_set_effective);
next prev parent reply other threads:[~2008-06-30 13:31 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-06-26 8:47 [PATCH 1/4] security: filesystem capabilities bugfix1 Andrew G. Morgan
2008-06-27 20:52 ` Serge E. Hallyn
2008-06-30 13:15 ` David Howells
2008-06-30 13:30 ` David Howells [this message]
2008-07-01 21:49 ` Andrew Morton
2008-07-01 22:04 ` Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=18390.1214832635@redhat.com \
--to=dhowells@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=morgan@kernel.org \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox