| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060829183710.GO2584@suse.de>
Date: Tue, 29 Aug 2006 11:37:10 -0700
From: Seth Arnold <seth.arnold@...e.de>
To: "Serge E. Hallyn" <serue@...ibm.com>
Cc: Stephen Smalley <sds@...ho.nsa.gov>,
Joshua Brindle <method@...too.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Nicholas Miell <nmiell@...cast.net>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
lkml <linux-kernel@...r.kernel.org>,
linux-security-module@...r.kernel.org, chrisw@...s-sol.org
Subject: Re: [RFC] [PATCH] file posix capabilities
On Mon, Aug 28, 2006 at 04:39:12PM -0500, Serge E. Hallyn wrote:
> +int cap_task_kill(struct task_struct *p, struct siginfo *info,
> + int sig, u32 secid)
> +{
> + if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info)))
> + return 0;
> +
> + if (secid)
> + /*
> + * Signal sent as a particular user.
> + * Capabilities are ignored. May be wrong, but it's the
> + * only thing we can do at the moment.
> + * Used only by usb drivers?
> + */
> + return 0;
> + if (current->uid == 0 || current->euid == 0)
> + return 0;
uid/euid checks feel out of place in the capabilities code.
> + if (capable(CAP_KILL))
> + return 0;
> + if (cap_issubset(p->cap_permitted, current->cap_permitted))
> + return 0;
> +
> + return -EPERM;
> +}
Thanks Serge
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists