On Wed, 8 May 2002, Dax Kelson wrote:
> Originally when a process set*uided all capabilities bits were cleared.
> Then sometime later (wish BK went back 3 years), the behaviour was
> modified according to the comment "A process may, via prctl(), elect to
> keep its capabilites when it calls setuid() and switches away from
> uid==0. Both permitted and effective sets will be retained."
>
> The current behavior/implementation doesn't match the comment. Only
> permitted capabilities are retained.
>
> This patch against 2.4.18-3 (RHL7.3 kernel, should apply against stock)
> fixes it. Now both permitted and effective capabilities are retained.
This is a change of behaviour in a fairly security sensitive area, so I'd
like us to step back and ask - should we fix the code or the comment?
An application using prctl()[1] is capability aware. I think it is fair
(and more secure) if we require these applications to explicitly request
raising capabilities in the effective set, after the switch from euid == 0
to euid != 0.
Comments?
Cheers
Chris
[1] There are quite a few now - search google for PR_SET_KEEPCAPS.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/