>From 3549aced829f84237ddc3ccfa571b8a938cae173 Mon Sep 17 00:00:00 2001
From: Serge E. Hallyn <[EMAIL PROTECTED]>
Date: Fri, 13 Jul 2007 12:17:45 -0400
Subject: [PATCH 2/2] file capabilities: change fE to a bool
The fE was previously a full capset which was masked with the
calculated new_permitted to get the process' new effective set.
It is now a single bit in the xattr. This patch changes
bprm->cap_effective to a boolean. When that boolean is false,
then P'e is the empty set. When the boolean is true, then P'e is
set equal to P'p (new_permitted). The rationale for this is that
either the application does not know about capabilities, and
needs to start with all permitted caps in its effective set, or
it does know about capabilities, and can start with an empty
effective set and enable the caps it wants when it wants.
Signed-off-by: Serge E. Hallyn <[EMAIL PROTECTED]>
---
include/linux/binfmts.h | 3 ++-
security/commoncap.c | 16 +++++++++-------
2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
index e1a7083..6c47e1b 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -30,7 +30,8 @@ struct linux_binprm{
int sh_bang;
struct file * file;
int e_uid, e_gid;
- kernel_cap_t cap_inheritable, cap_permitted, cap_effective;
+ kernel_cap_t cap_inheritable, cap_permitted;
+ bool cap_effective;
void *security;
int argc, envc;
char * filename; /* Name of binary as seen by procps */
diff --git a/security/commoncap.c b/security/commoncap.c
index 390c313..224c060 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -113,7 +113,7 @@ static inline void bprm_clear_caps(struct linux_binprm
*bprm)
{
cap_clear (bprm->cap_inheritable);
cap_clear (bprm->cap_permitted);
- cap_clear (bprm->cap_effective);
+ bprm->cap_effective = false;
}
#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
@@ -130,8 +130,10 @@ static inline int cap_from_disk(__le32 *caps, struct
linux_binprm *bprm,
switch ((magic_etc & VFS_CAP_REVISION_MASK)) {
case VFS_CAP_REVISION:
- bprm->cap_effective = (magic_etc & VFS_CAP_FLAGS_EFFECTIVE)
- ? CAP_FULL_SET : CAP_EMPTY_SET;
+ if (magic_etc & VFS_CAP_FLAGS_EFFECTIVE)
+ bprm->cap_effective = true;
+ else
+ bprm->cap_effective = false;
bprm->cap_permitted = to_cap_t( le32_to_cpu(caps[1]) );
bprm->cap_inheritable = to_cap_t( le32_to_cpu(caps[2]) );
return 0;
@@ -212,7 +214,7 @@ int cap_bprm_set_security (struct linux_binprm *bprm)
cap_set_full (bprm->cap_permitted);
}
if (bprm->e_uid == 0)
- cap_set_full (bprm->cap_effective);
+ bprm->cap_effective = true;
}
return ret;
@@ -252,8 +254,8 @@ void cap_bprm_apply_creds (struct linux_binprm *bprm, int
unsafe)
* capability rules */
if (!is_init(current)) {
current->cap_permitted = new_permitted;
- current->cap_effective =
- cap_intersect (new_permitted, bprm->cap_effective);
+ current->cap_effective = bprm->cap_effective ?
+ new_permitted : 0;
}
/* AUD: Audit candidate if current->cap_effective is set */
@@ -264,7 +266,7 @@ void cap_bprm_apply_creds (struct linux_binprm *bprm, int
unsafe)
int cap_bprm_secureexec (struct linux_binprm *bprm)
{
if (current->uid != 0) {
- if (!cap_isclear(bprm->cap_effective))
+ if (bprm->cap_effective)
return 1;
if (!cap_isclear(bprm->cap_permitted))
return 1;
--
1.5.1.1.GIT
-
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
