linux capabilities oddity - Frank v Waveren

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Frank v Waveren <fvw@var.cx>
To: linux-kernel@vger.kernel.org
Subject: linux capabilities oddity
Date: Sun, 23 Jul 2006 16:36:46 +0200	[thread overview]
Message-ID: <20060723143646.GA2840@var.cx> (raw)

[-- Attachment #1: Type: text/plain, Size: 1884 bytes --]

I sent this to linux-privs-discuss, but that list appears to be dead.
Perhaps someone here can help me?

While debugging an odd problem where /proc/sys/kernel/cap-bound wasn't
working, I came across the following code at
linux-2.6.x/security/commoncap.c:140:

   void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
   {
           /* Derived from fs/exec.c:compute_creds. */
           kernel_cap_t new_permitted, working;

           new_permitted = cap_intersect (bprm->cap_permitted, cap_bset);
           working = cap_intersect (bprm->cap_inheritable,
                                    current->cap_inheritable);
           new_permitted = cap_combine (new_permitted, working);
           ...

Here the new permitted set gets limited to the bits in cap_bset, which
is as it should be, but then the intersection of the of the current
and exec inheritable masks get added to that set, whereas as I
understand it, cap_bset should always be the bounding set.

This triggered a problem where the /sbin/init on a gentoo install disk
(which I was using as an quick&dirty UML root disk for testing) for
some reason did something to set its inheritable mask to ~0, which
then propagated to all the processes that ran as root, which meant
that the cap bound didn't apply to them.

I took out the cap_combine and didn't notice any ill effects on some
quick tests, though I don't know POSIX capabilities well enough to say
all the behaviour was per the standard. If someone could tell me what
those lines are for, and if its foiling of cap-bound limits is on
purpose, I'd be most grateful.

-- 
Frank v Waveren                                  Key fingerprint: BDD7 D61E
fvw@var.cx                                              5D39 CF05 4BFC F57A
Public key: hkp://wwwkeys.pgp.net/468D62C8              FA00 7D51 468D 62C8

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

next             reply	other threads:[~2006-07-23 14:36 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-07-23 14:36 Frank v Waveren [this message]
2006-07-25 18:47 ` linux capabilities oddity Serge E. Hallyn
2006-07-27 14:19   ` Frank v Waveren

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060723143646.GA2840@var.cx \
    --to=fvw@var.cx \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox