This is the fifth in a series of eight patches to the BSD Secure Levels LSM. It allows setuid and setgid on a process if the user is already root. This allows non-root users to log in. Thanks to Serge Hallyn for the suggestion.
Signed off by: Michael Halcrow <[EMAIL PROTECTED]>
Index: linux-2.6.11-rc2-mm1-modules/security/seclvl.c =================================================================== --- linux-2.6.11-rc2-mm1-modules.orig/security/seclvl.c 2005-02-03 15:39:35.786556648 -0600 +++ linux-2.6.11-rc2-mm1-modules/security/seclvl.c 2005-02-03 15:41:46.043754544 -0600 @@ -442,12 +442,12 @@ "in secure level [%d] denied\n", __FUNCTION__, seclvl); return -EPERM; - } else if (cap == CAP_SETUID) { + } else if (cap == CAP_SETUID && current->uid != 0) { seclvl_printk(1, KERN_WARNING "%s: Attempt to setuid " "while in secure level [%d] denied\n", __FUNCTION__, seclvl); return -EPERM; - } else if (cap == CAP_SETGID) { + } else if (cap == CAP_SETGID && current->uid != 0) { seclvl_printk(1, KERN_WARNING "%s: Attempt to setgid " "while in secure level [%d] denied\n", __FUNCTION__, seclvl);
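Review bot: Both new conditions, `cap == CAP_SETUID && current->uid != 0` and `cap == CAP_SETGID && current->uid != 0`, test the real uid with no comment explaining why, and the choice has two consequences that should be stated in the code. First, every process whose real uid is 0 is now exempt from the secure-level denial of setuid and setgid, not only the login path mentioned in the description. Second, a process with a non-zero real uid is still denied whatever its effective uid is. Please add a short comment above these branches saying that root is exempt so that login can switch to the user's ids, and that the real uid rather than `current->euid` is the intended test. The CAP_SETGID branch in particular reads like a copy-and-paste slip, since it checks a uid with no explanation. It would also help to document what protection the secure level still gives for these two capabilities once root is exempt.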