From: Andrew G. Morgan Date: Fri, 4 Jul 2008 16:59:59 +0000 (-0700) Subject: security: filesystem capabilities: fix CAP_SETPCAP handling X-Git-Tag: v2.6.26-rc9~22 X-Git-Url: http://pilppa.com/gitweb/?a=commitdiff_plain;h=1209726ce942047c9fefe7cd427dc36f8e9ded53;p=linux-2.6-omap-h63xx.git security: filesystem capabilities: fix CAP_SETPCAP handling The filesystem capability support meaning for CAP_SETPCAP is less powerful than the non-filesystem capability support. As such, when filesystem capabilities are configured, we should not permit CAP_SETPCAP to 'enhance' the current process through strace manipulation of a child process. Signed-off-by: Andrew G. Morgan Acked-by: Serge Hallyn Cc: David Howells Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/security/commoncap.c b/security/commoncap.c index 5edabc7542a..33d34330841 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -103,10 +103,16 @@ static inline int cap_inh_is_capped(void) return (cap_capable(current, CAP_SETPCAP) != 0); } +static inline int cap_limit_ptraced_target(void) { return 1; } + #else /* ie., ndef CONFIG_SECURITY_FILE_CAPABILITIES */ static inline int cap_block_setpcap(struct task_struct *t) { return 0; } static inline int cap_inh_is_capped(void) { return 1; } +static inline int cap_limit_ptraced_target(void) +{ + return !capable(CAP_SETPCAP); +} #endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */ @@ -342,9 +348,10 @@ void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe) bprm->e_uid = current->uid; bprm->e_gid = current->gid; } - if (!capable (CAP_SETPCAP)) { - new_permitted = cap_intersect (new_permitted, - current->cap_permitted); + if (cap_limit_ptraced_target()) { + new_permitted = + cap_intersect(new_permitted, + current->cap_permitted); } } }