linux/security
Zhi Li 4d49f6710b capabilities: do not grant full privs for setuid w/ file caps + no effective caps
A task (when !SECURE_NOROOT) which executes a setuid-root binary will
obtain root privileges while executing that binary.  If the binary also
has effective capabilities set, then only those capabilities will be
granted.  The rationale is that the same binary can carry both setuid-root
and the minimal file capability set, so that on a filesystem not
supporting file caps the binary can still be executed with privilege,
while on a filesystem supporting file caps it will run with minimal
privilege.

This special case currently does NOT happen if there are file capabilities
but no effective capabilities.  Since capability-aware programs can very
well start with empty pE but populated pP and move those caps to pE when
needed.  In other words, if the file has file capabilities but NOT
effective capabilities, then we should do the same thing as if there
were file capabilities, and not grant full root privileges.

This patchset does that.

(Changelog by Serge Hallyn).

Signed-off-by: Zhi Li <lizhi1215@gmail.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
2011-08-12 15:06:57 +10:00
..
apparmor Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 2011-07-27 19:26:38 -07:00
integrity evm: fix evm_inode_init_security return code 2011-08-11 17:42:41 +10:00
keys Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 2011-07-27 19:26:38 -07:00
selinux doc: Update the email address for Paul Moore in various source files 2011-08-01 17:58:33 -07:00
smack doc: Update the email address for Paul Moore in various source files 2011-08-01 17:58:33 -07:00
tomoyo get rid of pointless checks for dentry->sb == NULL 2011-07-20 01:44:19 -04:00
capability.c ->permission() sanitizing: don't pass flags to ->inode_permission() 2011-07-20 01:43:26 -04:00
commoncap.c capabilities: do not grant full privs for setuid w/ file caps + no effective caps 2011-08-12 15:06:57 +10:00
device_cgroup.c security,rcu: Convert call_rcu(whitelist_item_free) to kfree_rcu() 2011-07-20 11:05:30 -07:00
inode.c convert get_sb_single() users 2010-10-29 04:16:28 -04:00
Kconfig integrity: move ima inode integrity data management 2011-07-18 12:29:38 -04:00
lsm_audit.c LSM: separate LSM_AUDIT_DATA_DENTRY from LSM_AUDIT_DATA_PATH 2011-04-25 18:14:07 -04:00
Makefile integrity: move ima inode integrity data management 2011-07-18 12:29:38 -04:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c Merge branch 'next-evm' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/ima-2.6 into next 2011-08-09 10:31:03 +10:00