From: Chris Wright <chris@wirex.com>
To: linux-kernel@vger.kernel.org
Subject: [PATCH] Re: Capabilities-related change in 2.5.40
Date: Wed, 2 Oct 2002 00:38:17 -0700 [thread overview]
Message-ID: <20021002003817.B26557@figure1.int.wirex.com> (raw)
In-Reply-To: <20021001211210.GA8784@nevyn.them.org>; from dan@debian.org on Tue, Oct 01, 2002 at 05:12:11PM -0400
* Daniel Jacobowitz (dan@debian.org) wrote:
>
> Yes. It was pointed out to me that libcap2 snapshots behave correctly.
Ah, thanks for the info. Hmm, libcap2 still looks like it sets up the
header with pid == 0. Maybe I'm missing something.
> Not init: swapper.
Yes, although INIT_TASK sets up the task_struct for swapper.
> Try it on 2.4:
> drow@nevyn:~% getpcaps 0
> Capabilities for `0': =
>
> 2.5.40 gives me a very different answer :)
Heh, you're right. However, 2.5.20 behaves the same as 2.4. Looking
back this appears to be caused by 2.5.21 locking cleanups done by rml.
The older code interpreted pid == 0 to mean current, whereas the new
code unconditionally does find_task_by_pid(0). This patch fixes that,
and then pid == 0 from libcap should work again.
--- 1.5/kernel/capability.c Sun Sep 15 12:19:29 2002
+++ edited/kernel/capability.c Wed Oct 2 00:28:32 2002
@@ -33,7 +33,7 @@
int ret = 0;
pid_t pid;
__u32 version;
- task_t *target;
+ task_t *target = current;
struct __user_cap_data_struct data;
if (get_user(version, &header->version))
@@ -52,21 +52,20 @@
return -EINVAL;
spin_lock(&task_capability_lock);
- read_lock(&tasklist_lock);
- target = find_task_by_pid(pid);
- if (!target) {
- ret = -ESRCH;
- goto out;
+ if (pid && pid != current->pid) {
+ read_lock(&tasklist_lock);
+ target = find_task_by_pid(pid);
+ read_unlock(&tasklist_lock);
+ if (!target) {
+ ret = -ESRCH;
+ goto out;
+ }
}
- data.permitted = cap_t(target->cap_permitted);
- data.inheritable = cap_t(target->cap_inheritable);
- data.effective = cap_t(target->cap_effective);
ret = security_ops->capget(target, &data.effective, &data.inheritable, &data.permitted);
out:
- read_unlock(&tasklist_lock);
spin_unlock(&task_capability_lock);
if (!ret && copy_to_user(dataptr, &data, sizeof data))
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
next prev parent reply other threads:[~2002-10-02 7:40 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-10-01 16:49 Capabilities-related change in 2.5.40 Daniel Jacobowitz
2002-10-01 20:45 ` Chris Wright
2002-10-01 21:12 ` Daniel Jacobowitz
2002-10-02 7:38 ` Chris Wright [this message]
2002-10-02 13:23 ` [PATCH] " Daniel Jacobowitz
2002-10-02 14:33 ` Robert Love
2002-10-02 16:44 ` Chris Wright
2002-10-02 18:10 ` Robert Love
2002-10-02 18:21 ` Chris Wright
2002-10-02 16:25 ` Chris Wright
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20021002003817.B26557@figure1.int.wirex.com \
--to=chris@wirex.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox