On Tue, Sep 24, 2013 at 12:27:36PM +0800, Chen Gang wrote: > For real world, /sbin/init will call setgroups, so user space 'help' > kernel itself to protect this issue, but I think, we don't only depend > on the user space help checking. > > The proof is below: > > [root@gchenlinux tmp]# grep setgroups /sbin/* > Binary file /sbin/init matches > Binary file /sbin/rpc.statd matches > Binary file /sbin/rsyslogd matches > Binary file /sbin/runuser matches > > From reading kernel source code, kernel itself does not intend to set > 'group_info', it is triggered by user space or another kernel mode > sub-systems.
Can you please demonstrate such failure? You can tell kernel to execute a given binary instead of init with "init=" param. Thanks. -- tejun -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
