-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Serge E. Hallyn wrote: > The problem is that when you run a setuid binary, its pP and pE are > fully raised. The following patch fixes it for me. Chris, does it fix > your problem? Andrew, am I again confusing myself and doing something > unsafe?
I think this is yet another example of the fragile mess that is UID emulation with capabilities. Your patch is an example of privilege escalation - luser can kill a more-capable process. In the kill CONT case we reached the opposite conclusion to this one. As was the case then, I didn't disagree then :*). If it meets folk's expectations, then this is probably a good patch... > --- a/security/commoncap.c > +++ b/security/commoncap.c > @@ -543,6 +543,9 @@ int cap_task_kill(struct task_struct *p, struct siginfo > *info, > if (capable(CAP_KILL)) > return 0; > > + if (p->euid==0 && p->uid==current->uid) > + return 0; > + Its late and I'm obviously tired, but is there any reason not to simply use: if (p->uid == current->uid) return 0; Whatever the case, could you put the new code closer to the sig == SIGCONT test? The capability tests are at the end of cap_task_kill() and this new check breaks that pattern. Cheers Andrew -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFHRTLlQheEq9QabfIRAt/hAKCJgj2kbuyAWI486LOwwDLdkbcpoQCfQdrQ J+bcvi+9pGTodFn42PsHJHA= =cXaG -----END PGP SIGNATURE----- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/