public inbox for linux-kernel@vger.kernel.org
From: Andrew Morgan <morgan@kernel.org>
To: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Adrian Bunk <bunk@kernel.org>,
	sds@tycho.nsa.gov, chrisw@sous-sol.org,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org
Subject: Re: [2.6 patch] remove securebits
Date: Wed, 29 Aug 2007 17:51:59 -0700
Message-ID: <46D614AF.8070206@kernel.org>
In-Reply-To: <20070828181959.GA24270@vino.hallyn.com>

Serge E. Hallyn wrote:
> To summarize more clearly, I think that so long as we support
> process trees with a sort of !SECURE_NOROOT support, that
> support should include the ability to use prctl(KEEP_CAPS) the
> way one uses it now.

> When a process tree is in strict capability mode,
> prctl(PR_{G,S}ET_KEEP_CAPS) should return -EINVAL.

I agree. I'll try to code it up in a way that it's clear how to delete
this functionality when folk realize they no longer need it...

- -static inline int get_file_caps(struct linux_binprm *bprm)
+int cap_bprm_set_security(struct linux_binprm *bprm)
 {
 	bprm_clear_caps(bprm);
+	bprm_force_uid0_caps(bprm);
+	current->keep_capabilities = 0;
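
Review bot: the last added line, current->keep_capabilities = 0, changes state on the calling task from inside cap_bprm_set_security(), a hook whose other two calls here only prepare bprm; if any later step of the exec can fail, the caller continues running with keep_capabilities already cleared. Clear the flag only where the new capabilities are applied to the task, or add a comment stating why no failure can follow this call. The function also goes from static inline to a global symbol in this hunk with no comment describing what callers may expect of it.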

> This is being moved from bprm_apply to bprm_set, which moves it
> earlier.  If exec fails later on, keep_capabilities might be set
> to 0 even though exec failed.

I'll look at it again, but I had thought I had preserved the previous
behavior with this condensed version of the code. Are you suggesting an
improvement to what was there, or pointing out I'm inadvertently
breaking the old behavior?

Thanks

Andrew

Thread overview: 13+ messages
2007-08-24 21:06 [2.6 patch] remove securebits Adrian Bunk
2007-08-24 21:19 ` Serge E. Hallyn
2007-08-25  3:50   ` Andrew Morgan
2007-08-25 18:28     ` Adrian Bunk
2007-08-27 15:09       ` Serge E. Hallyn
2007-08-27 15:17         ` Adrian Bunk
2007-08-27 15:28           ` Serge E. Hallyn
2007-08-27 15:58             ` Adrian Bunk
2007-08-28  7:20               ` Andrew Morgan
2007-08-28 14:38                 ` Serge E. Hallyn
2007-08-28 18:19                 ` Serge E. Hallyn
2007-08-30  0:51                   ` Andrew Morgan [this message]
2007-08-30 13:26                     ` Serge E. Hallyn
