------=_NextPart_000_0042_01BFD2D7.F4472C90
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Ok based on my last email, I've created this patch. Using the source
provided by Roger Espel Llima on Bugtraq, the segment below shows that this
patch still corrects the bug with sendmail/procmail/et al, but doesn't break
the capabilities model that was in effect.
dilbert(mrwizard):/mnt/misc/home/mrwizard$ ./blep
BEFORE: 501 0
GAVE UP: 501 501
GOT BACK: 501 501
dilbert(mrwizard):/mnt/misc/home/mrwizard$ ./suidcap
launching shell...
dilbert(mrwizard):/mnt/misc/home/mrwizard$ /sbin/getpcaps
Capabilities for `(null)': =i cap_setuid-i
dilbert(mrwizard):/mnt/misc/home/mrwizard$ ./blep
BEFORE: 501 0
GAVE UP: 501 501
GOT BACK: 501 501
I also moved cap_bset in the computation of the capabilities so that it's an
overall intersection, or else the inherited capabilities could end up giving
you a capability outside that set.
Again, this works for me, YMMV, but I hope it works for you. Let me know if
I did something evil.
Joe Gooch
------=_NextPart_000_0042_01BFD2D7.F4472C90
Content-Type: application/x-gzip;
name="linux-2.2.16-capfix.patch.gz"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="linux-2.2.16-capfix.patch.gz"
H4sICEtrQjkAA2xpbnV4LTIuMi4xNi1jYXBmaXgucGF0Y2gApVZtb9pIEP6Mf8VUJ/VsjAFDXkmp
0vaIjl6ToIRIdzqdkDHrZJXFtrzrvKhpfvvNrAHb4JBeji9rdp95f3ZmHccBwcP0wek0O013z7nz
Qi6E1wpkiz0wv+nXLj0FX9MQ3Da0271ut7d7CJ12u23Ytl2W9b044A/Vom6n5+73up1M9PgYnD23
23APwNbrHhwfG1BDDRNfMC8xp3Eydz7SfxYEzFf8jllHBiCmVQcYRyDTOI4SBTy8YQlXXugziAJI
okg5MUvmXEoehRK8cIZYPnPoxHBg+UMt5GWqvKlgEtJwxhLwo3nsKT7lgqtHmEcz1oB7BonHJQNP
CFA3CWNlLeijtxCQTEkIogRhDAIuWNOw/4fBZWiIN+waKaBgVvl4xTLklovfAMMAolA8amjCPAGY
HeAS2tq0PsrsE6DoQ0kLuaLzrBSbZfYx/SSSR7npSUuXkAdgvsMCIS5h5uXgy9XFYHJ2fnF+PrYs
+G44NQ3JOMAm5F+/D214egKUSFionI/LTcLb/wWP9muaaOjzJEiFKHCtEC2yzXkZuIo8g/0gpVUu
WLDNXInaqERfi+5uw+3gteh2aaVrUUh7nPA7zOk1g1mEJAojBdcReNceD6WCCNOfgHyUis2RWriF
hQyVLJUAxlijkN3DqFg9IsCMBTzEv1MmonvAziAZA7Ner1tNXbmarswtS0ImJuS/yhmA3ImSWx5e
H1E1SpjVAZB4zpk+ZClXLEEmqKrsNjRkiv7pDNUWqraIFirY0KnH5C8pUFnhskq8j1PMgbkZl6UD
q0ZXer5FLnd8sb8ep74gGillStsFYDGanIZ0DZZM07eX8utqZQte7Xcb+0irfRcXzaqMCdg05qnw
ICUR6iDsLhJ35OuqvXBkGpc9I+sk9QWR4uGvaCIeYjesZyyBeERbZjCC9/CnBU/4OcTPeGhhH9wE
Fc4tkigqH2jlCH0PwSBn799nn5u0Qe0K0Nnn9j8rt4b9YaH4MOqP8mIM+oNV22y1IO7HSeQzKRsQ
9KlJZSk62GngqLL3Djq0UpIoqSUy48WpKHLG7dLZG+j9FnZvJXeVQ0vOVgei2bpN7FWqb0/CmtVi
+NloP8Gi8pArPYvuvVCBinBKKexjeriUSImSpc62wJD8RHnyFrABpr5qItFTSQrlLY81JJWpJwzn
pddPVvIWdtKqB5Drbn8AvSSNbyBUsNvN30A7nb3GIdi0oFL9BIrEbCL1+MivOv0/WsxNnQDBzC+f
RpPLwfhq+JulRxplNlmTYxV6iv+DxYZW79SYoEcH2jAX46s4PC2aphsHpADt22+XzfrWhkvrMRRc
XI77F18QBCBCrMetddi1H6C1oFXkVZqE4AxGg4vTo9XTpGz7XR+oJvRtvcwYHvoinbGWPmzlL7Pm
zTp/dnru7nb+/KQuzSZ3P2dT57DdwAd1thCZDPglm+lAbBmcjsZ/EWcW90VFWU8z6U1UBJ5cfftW
wOXA53Xk8Gw4ngxOTpboAhIb9zNBxueT00+Xfyz5OsIVK+RsaBme/b6hBc3ZPwV8zdxaJpagBwtM
Fz58APwqRLaaoaaP80F41xbaMjNLPnK5DyUtGmEZ/wI9SAVSSw0AAA==
------=_NextPart_000_0042_01BFD2D7.F4472C90--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/