[PATCH 1/1] file capabilities: don't prevent signaling setuid root programs.

From: Serge E . Hallyn
Date: Tue Nov 20 2007 - 03:47:35 EST

Next message: Heiko Carstens: "Re: [PATCH 39/59] drivers/s390: Add missing "space""
Previous message: Ingo Molnar: "[patch] softlockup: do the wakeup from a hrtimer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When an unprivileged user runs a setuid root program in !SECURE_NOROOT
mode, fP, fI, and fE are set full on, so pP' and pE' are full on.
Then cap_task_kill() prevents the user from signaling the setuid root
task. This is a change in behavior compared to when
!CONFIG_SECURITY_FILE_CAPABILITIES.

This patch introduces a special check into cap_task_kill() just
to check whether a non-root user is signaling a setuid root
program started by the same user. If so, then signal is allowed.

This still leaves open the question of whether we want to go back
to allowing users to signal binaries owned by them which had
file capabilities set.

Signed-off-by: Serge E. Hallyn <serue@xxxxxxxxxx>
---
security/commoncap.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/security/commoncap.c b/security/commoncap.c
index 302e8d0..d20d0a6 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -543,6 +543,9 @@ int cap_task_kill(struct task_struct *p, struct siginfo *info,
if (capable(CAP_KILL))
return 0;

+ if (p->euid==0 && p->uid==current->uid)
+ return 0;
+
return -EPERM;
}
#else
--
1.5.2.5

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Heiko Carstens: "Re: [PATCH 39/59] drivers/s390: Add missing "space""
Previous message: Ingo Molnar: "[patch] softlockup: do the wakeup from a hrtimer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]