Message-ID: <CALCETrU-KEhF-OaHGVOu64TNeemP1pT1Y1Deba9TSGOzfOfu3w@mail.gmail.com>
Date: Tue, 1 Aug 2017 06:46:38 -0700
From: Andy Lutomirski <luto@...nel.org>
To: Kees Cook <keescook@...omium.org>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Andy Lutomirski <luto@...nel.org>,
David Howells <dhowells@...hat.com>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
John Johansen <john.johansen@...onical.com>,
"Serge E. Hallyn" <serge@...lyn.com>,
Paul Moore <paul@...l-moore.com>,
Stephen Smalley <sds@...ho.nsa.gov>,
Casey Schaufler <casey@...aufler-ca.com>,
Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
James Morris <james.l.morris@...cle.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Linux FS Devel <linux-fsdevel@...r.kernel.org>,
LSM List <linux-security-module@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v4 08/15] commoncap: Move cap_elevated calculation into bprm_set_creds

On Mon, Jul 31, 2017 at 4:51 PM, Kees Cook <keescook@...omium.org> wrote:
> Instead of a separate function, open-code the cap_elevated test, which
> lets us entirely remove bprm->cap_effective (to use the local "effective"
> variable instead), and more accurately examine euid/egid changes via the
> existing local "is_setid".
>
> The following LTP tests were run to validate the changes:
>
> # ./runltp -f syscalls -s cap
> # ./runltp -f securebits
> # ./runltp -f cap_bounds
> # ./runltp -f filecaps
>
> All kernel selftests for capabilities and exec continue to pass as well.
>
> Cc: Andy Lutomirski <luto@...nel.org>
> Signed-off-by: Kees Cook <keescook@...omium.org>
> Reviewed-by: James Morris <james.l.morris@...cle.com>
> Acked-by: Serge Hallyn <serge@...lyn.com>

Reviewed-by: Andy Lutomirski <luto@...nel.org>