Message-ID: <alpine.LRH.1.10.0808142328260.31210@tundra.namei.org>
Date:	Thu, 14 Aug 2008 23:45:00 +1000 (EST)
From:	James Morris <jmorris@...ei.org>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
cc:	David Howells <dhowells@...hat.com>, linux-kernel@...r.kernel.org
Subject: [GIT] capability fix for 2.6.27

Hi Linus,

Please pull this fix from David Howells:

    Fix the setting of PF_SUPERPRIV by __capable() as it could corrupt the
    flags of the target process if that is not the current process and it is
    trying to change its own flags in a different way at the same time.

The approach taken involves cleanly separating the way capabilities are 
checked so that capable() now only refers to the current task and assumes 
the capability is about to be used, while has_capability() is used to 
probe generally other tasks without setting PF_SUPERPRIV on those tasks.  
This change is also then reflected in the LSM hooks.


The following changes since commit 8d0968abd03ec6b407df117adc773562386702fa:
  Linus Torvalds (1):
        Merge git://git.kernel.org/.../herbert/crypto-2.6

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 for-linus

David Howells (1):
      security: Fix setting of PF_SUPERPRIV by __capable()

 include/linux/capability.h |   15 +++++++++++-
 include/linux/security.h   |   39 ++++++++++++++++++++++------------
 kernel/capability.c        |   21 +++++++++++-------
 kernel/ptrace.c            |    5 +--
 mm/oom_kill.c              |    6 +++-
 security/capability.c      |    3 +-
 security/commoncap.c       |   24 +++++++++++++++------
 security/root_plug.c       |    3 +-
 security/security.c        |   10 ++++++--
 security/selinux/hooks.c   |   25 ++++++++++++++++------
 security/smack/smack_lsm.c |   49 ++++++++++++++++++++++++++++++-------------
 11 files changed, 137 insertions(+), 63 deletions(-)


-- 
James Morris
<jmorris@...ei.org>
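
Added example, not part of the original message and not the kernel's code: a userspace C model of the capable() / has_capability() split described above, replaying one interleaving in which a remote PF_SUPERPRIV store clobbers the target's own flag update. The struct layout, PF_OTHER, current_task and replay() are assumptions made for illustration.

```c
#include <stdio.h>

/* Userspace model only: names mirror the message, bodies are assumptions. */
#define PF_SUPERPRIV 0x00000100u  /* task used a privileged capability */
#define PF_OTHER     0x00000800u  /* constructed: any flag a task sets on itself */
#define CAP_KILL     5

struct task { unsigned int flags; unsigned int cap_effective; };
static struct task *current_task;   /* stand-in for the kernel's `current` */

/* Probe: answers the question for any task and never writes to it. */
static int has_capability(const struct task *t, int cap)
{
    return (t->cap_effective >> cap) & 1u;
}

/* Use: always about the current task, so the flags word has a single writer. */
static int capable(int cap)
{
    if (!has_capability(current_task, cap))
        return 0;
    current_task->flags |= PF_SUPERPRIV;
    return 1;
}

/* Deterministic replay of a checker examining another task while that task
 * updates its own flags. Returns the target's final flags word. */
static unsigned int replay(int split_api)
{
    struct task target = { 0, 1u << CAP_KILL };
    unsigned int stale = target.flags;           /* checker loads target's flags */
    target.flags |= PF_OTHER;                    /* target updates its own flags */
    if (split_api)
        (void)has_capability(&target, CAP_KILL); /* new: read-only probe */
    else if (has_capability(&target, CAP_KILL))
        target.flags = stale | PF_SUPERPRIV;     /* old: stale store, update lost */
    return target.flags;
}

int main(void)
{
    struct task self = { 0, 1u << CAP_KILL };
    current_task = &self;
    printf("old: %#x  split: %#x\n", replay(0), replay(1));
    int ok = capable(CAP_KILL);
    printf("capable: %d  own flags: %#x\n", ok, self.flags);
    return 0;
}
```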