lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 31 May 2012 18:42:20 +1000 (EST)
From:	James Morris <jmorris@...ei.org>
To:	kosaki.motohiro@...il.com
cc:	linux-kernel@...r.kernel.org,
	KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>,
	Vasiliy Kulikov <segoon@...nwall.com>,
	Chris Wright <chrisw@...s-sol.org>,
	James Morris <james.l.morris@...cle.com>,
	linux-security-module@...r.kernel.org,
	Serge Hallyn <serge.hallyn@...onical.com>
Subject: Re: [PATCH] security: kill security_task_fix_setuid()

On Thu, 31 May 2012, kosaki.motohiro@...il.com wrote:

> From: KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>
> 
> commit 72fa5997 (move RLIMIT_NPROC check from set_user() to do_execve_common())
> pointed out set*uid() failure can cause a security problem.
> Thus, security_task_fix_setuid() potentially has the same issue. Any security
> module shouldn't use it. This patch kills it completely.
> 
> Luckily, any security module don't use it. then, this patch doesn't make any
> userland visible change.

Capabilities uses it.


-- 
James Morris
<jmorris@...ei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ