mirror of
https://github.com/torvalds/linux.git
synced 2024-12-25 12:21:37 +00:00
5459c164f0
When cap_bset suppresses some of the forced (fP) capabilities of a file, it is generally only safe to execute the program if it understands how to recognize it doesn't have enough privilege to work correctly. For legacy applications (fE!=0), which have no non-destructive way to determine that they are missing privilege, we fail to execute (EPERM) any executable that requires fP capabilities, but would otherwise get pP' < fP. This is a fail-safe permission check. For some discussion of why it is problematic for (legacy) privileged applications to run with less than the set of capabilities requested for them, see: http://userweb.kernel.org/~morgan/sendmail-capabilities-war-story.html With this iteration of this support, we do not include setuid-0 based privilege protection from the bounding set. That is, the admin can still (ab)use the bounding set to suppress the privileges of a setuid-0 program. [akpm@linux-foundation.org: coding-style fixes] [akpm@linux-foundation.org: cleanup] Signed-off-by: Andrew G. Morgan <morgan@kernel.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
---|---|---|
.. | ||
acpi | ||
asm-alpha | ||
asm-arm | ||
asm-avr32 | ||
asm-blackfin | ||
asm-cris | ||
asm-frv | ||
asm-generic | ||
asm-h8300 | ||
asm-ia64 | ||
asm-m32r | ||
asm-m68k | ||
asm-m68knommu | ||
asm-mips | ||
asm-mn10300 | ||
asm-parisc | ||
asm-powerpc | ||
asm-s390 | ||
asm-sh | ||
asm-sparc | ||
asm-sparc64 | ||
asm-um | ||
asm-v850 | ||
asm-x86 | ||
asm-xtensa | ||
crypto | ||
drm | ||
keys | ||
linux | ||
math-emu | ||
media | ||
mtd | ||
net | ||
pcmcia | ||
rdma | ||
rxrpc | ||
scsi | ||
sound | ||
video | ||
xen | ||
Kbuild |