Re: disable-cap-mlock

From: Stephen Smalley
Date: Thu Apr 01 2004 - 12:43:10 EST

Next message: Andrea Arcangeli: "Re: disable-cap-mlock"
Previous message: William Lee Irwin III: "Re: disable-cap-mlock"
In reply to: Andrea Arcangeli: "Re: disable-cap-mlock"
Next in thread: William Lee Irwin III: "Re: disable-cap-mlock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2004-04-01 at 12:16, William Lee Irwin III wrote:
> +static int capability_sysctl_capable(task_t *task, int cap)
> +{
> + if (cap < 0 || cap >= ARRAY_SIZE(capability_sysctl_state))
> + return -EINVAL;
> + switch (capability_sysctl_state[cap]) {
> + case CAPABILITY_SYSCTL_ROOT:
> + if (current->uid == 0)
> + return 0;
> + /* fall through */

See dummy_capable for the root logic, i.e.:
if (cap_is_fs_cap (cap) ? task->fsuid == 0 : task->euid == 0)
return 0;

Note that you shouldn't assume that task == current. The intent is to
support capability checks against other processes as well, e.g. the old
OOM killer code performed such checks as part of deciding which process
to kill.

Why fall through as opposed to just returning -EPERM?

What prevents any uid 0 process from changing these sysctl settings
(aside from SELinux, if you happen to use it and configure the policy
accordingly)?

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrea Arcangeli: "Re: disable-cap-mlock"
Previous message: William Lee Irwin III: "Re: disable-cap-mlock"
In reply to: Andrea Arcangeli: "Re: disable-cap-mlock"
Next in thread: William Lee Irwin III: "Re: disable-cap-mlock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]