[PATCH] Completely honor prctl(PR_SET_KEEPCAPS, 1)

Dax Kelson (dax@gurulabs.com)
Wed, 8 May 2002 03:40:11 -0600 (MDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Oliver Pitzeier: "Problems with mm on Alpha..."
Previous message: Andrea Arcangeli: "Re: 2.4.19pre8aa2"
Next in thread: Keith Owens: "Re: [PATCH] Completely honor prctl(PR_SET_KEEPCAPS, 1)"
Reply: Keith Owens: "Re: [PATCH] Completely honor prctl(PR_SET_KEEPCAPS, 1)"

Originally when a process set*uided all capabilities bits were cleared.
Then sometime later (wish BK went back 3 years), the behaviour was
modified according to the comment "A process may, via prctl(), elect to
keep its capabilites when it calls setuid() and switches away from
uid==0. Both permitted and effective sets will be retained."

The current behavior/implementation doesn't match the comment. Only
permitted capabilities are retained.

This patch against 2.4.18-3 (RHL7.3 kernel, should apply against stock)
fixes it. Now both permitted and effective capabilities are retained.

--- kernel/sys.c-org Wed May 8 01:20:37 2002
+++ kernel/sys.c Wed May 8 01:35:04 2002
@@ -482,7 +482,7 @@
cap_clear(current->cap_permitted);
cap_clear(current->cap_effective);
}
- if (old_euid == 0 && current->euid != 0) {
+ if ((old_euid == 0 && current->euid != 0) && !current->keep_capabilities) {
cap_clear(current->cap_effective);
}
if (old_euid != 0 && current->euid == 0) {

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Oliver Pitzeier: "Problems with mm on Alpha..."
Previous message: Andrea Arcangeli: "Re: 2.4.19pre8aa2"
Next in thread: Keith Owens: "Re: [PATCH] Completely honor prctl(PR_SET_KEEPCAPS, 1)"
Reply: Keith Owens: "Re: [PATCH] Completely honor prctl(PR_SET_KEEPCAPS, 1)"