security: filesystem capabilities: fix CAP_SETPCAP handling
The filesystem capability support meaning for CAP_SETPCAP is less powerful than the non-filesystem capability support. As such, when filesystem capabilities are configured, we should not permit CAP_SETPCAP to 'enhance' the current process through strace manipulation of a child process. Signed-off-by: Andrew G. Morgan <morgan@kernel.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Cc: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Родитель
086f7316f0
Коммит
1209726ce9
|
@ -103,10 +103,16 @@ static inline int cap_inh_is_capped(void)
|
|||
return (cap_capable(current, CAP_SETPCAP) != 0);
|
||||
}
|
||||
|
||||
static inline int cap_limit_ptraced_target(void) { return 1; }
|
||||
|
||||
#else /* ie., ndef CONFIG_SECURITY_FILE_CAPABILITIES */
|
||||
|
||||
static inline int cap_block_setpcap(struct task_struct *t) { return 0; }
|
||||
static inline int cap_inh_is_capped(void) { return 1; }
|
||||
static inline int cap_limit_ptraced_target(void)
|
||||
{
|
||||
return !capable(CAP_SETPCAP);
|
||||
}
|
||||
|
||||
#endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */
|
||||
|
||||
|
@ -342,9 +348,10 @@ void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
|
|||
bprm->e_uid = current->uid;
|
||||
bprm->e_gid = current->gid;
|
||||
}
|
||||
if (!capable (CAP_SETPCAP)) {
|
||||
new_permitted = cap_intersect (new_permitted,
|
||||
current->cap_permitted);
|
||||
if (cap_limit_ptraced_target()) {
|
||||
new_permitted =
|
||||
cap_intersect(new_permitted,
|
||||
current->cap_permitted);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Загрузка…
Ссылка в новой задаче