From: "Luiz Fernando N. Capitulino" <lcapitulino@mandriva.com.br>
To: serge@hallyn.com
Cc: lkml <linux-kernel@vger.kernel.org>,
linux-security-module@vger.kernel.org,
Andrew Morgan <morgan@kernel.org>,
Stephen Smalley <sds@epoch.ncsc.mil>,
Mike Galbraith <efault@gmx.de>,
buraphalinuxserver@gmail.com, elendil@planet.nl,
stable@kernel.org
Subject: Re: [PATCH 1/1] file capabilities: remove cap_task_kill()
Date: Mon, 3 Mar 2008 09:50:15 -0300 [thread overview]
Message-ID: <20080303095015.6725686f@mandriva.com.br> (raw)
In-Reply-To: <20080229212634.GA7278@vino.hallyn.com>
Em Fri, 29 Feb 2008 15:26:34 -0600
serge@hallyn.com escreveu:
| Quoting Luiz Fernando N. Capitulino (lcapitulino@mandriva.com.br):
| > Em Thu, 28 Feb 2008 11:38:17 -0600
| > serge@hallyn.com escreveu:
| >
| > | The original justification for cap_task_kill() was as follows:
| > |
| > | check_kill_permission() does appropriate uid equivalence checks.
| > | However with file capabilities it becomes possible for an
| > | unprivileged user to execute a file with file capabilities
| > | resulting in a more privileged task with the same uid.
| > |
| > | However now that cap_task_kill() always returns 0 (permission
| > | granted) when p->uid==current->uid, the whole hook is worthless,
| > | and only likely to create more subtle problems in the corner cases
| > | where it might still be called but return -EPERM. Those cases
| > | are basically when uids are different but euid/suid is equivalent
| > | as per the check in check_kill_permission().
| > |
| > | This patch removes cap_task_kill().
| >
| > 2.6.24 seems to have the same bug, what about a rediff for it and
| > submit the patch to -stable team?
|
| Luiz, could you confirm that the below works?
Yes, it does.
Thanks.
--
Luiz Fernando N. Capitulino
next prev parent reply other threads:[~2008-03-03 12:51 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-28 17:38 [PATCH 1/1] file capabilities: remove cap_task_kill() serge
2008-02-28 19:14 ` BuraphaLinux Server
2008-02-28 19:42 ` Serge E. Hallyn
2008-02-29 20:40 ` Luiz Fernando N. Capitulino
2008-02-29 21:26 ` serge
2008-03-03 12:50 ` Luiz Fernando N. Capitulino [this message]
2008-03-05 19:17 ` Chris Friedhoff
2008-03-01 22:05 ` Andrew G. Morgan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080303095015.6725686f@mandriva.com.br \
--to=lcapitulino@mandriva.com.br \
--cc=buraphalinuxserver@gmail.com \
--cc=efault@gmx.de \
--cc=elendil@planet.nl \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=morgan@kernel.org \
--cc=sds@epoch.ncsc.mil \
--cc=serge@hallyn.com \
--cc=stable@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox