| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <483572CC.9060705@kernel.org>
Date: Thu, 22 May 2008 06:19:08 -0700
From: "Andrew G. Morgan" <morgan@...nel.org>
To: Andrew Morton <akpm@...ux-foundation.org>
CC: "Serge E. Hallyn" <serue@...ibm.com>,
lkml <linux-kernel@...r.kernel.org>,
Linux Security Modules List
<linux-security-module@...r.kernel.org>
Subject: Re: [PATCH] security: protect legacy apps from insufficient privilege
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Andrew Morton wrote:
| With a judiciously placed `continue' we can do this:
|
| CAP_FOR_EACH_U32(i) {
| __u32 value_cpu;
|
| if (i >= tocopy) {
| /*
| * Legacy capability sets have no upper bits
| */
| bprm->cap_post_exec_permitted.cap[i] = 0;
| continue;
| }
| /*
| * pP' = (X & fP) | (pI & fI)
| */
| value_cpu = le32_to_cpu(caps->data[i].permitted);
| bprm->cap_post_exec_permitted.cap[i] =
| (current->cap_bset.cap[i] & value_cpu) |
| (current->cap_inheritable.cap[i] &
| le32_to_cpu(caps->data[i].inheritable));
| if (value_cpu & ~bprm->cap_post_exec_permitted.cap[i]) {
| /*
| * insufficient to execute correctly
| */
| ret = -EPERM;
| }
| }
|
| OK?
Yes.
Acked-by: Andrew G. Morgan <morgan@...nel.org>
Cheers
Andrew
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFINXLL+bHCR3gb8jsRAiGUAJ49d61n7+uhc3M5vJjT5398w9tRGgCgwLRe
vXHOIIJAoHvlGNACagKSPes=
=oPN0
-----END PGP SIGNATURE-----
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists