[PATCH v4 08/15] commoncap: Move cap_elevated calculation into bprm_set_creds
Andy Lutomirski
luto at kernel.org
Tue Aug 1 13:46:38 UTC 2017
On Mon, Jul 31, 2017 at 4:51 PM, Kees Cook <keescook at chromium.org> wrote:
> Instead of a separate function, open-code the cap_elevated test, which
> lets us entirely remove bprm->cap_effective (to use the local "effective"
> variable instead), and more accurately examine euid/egid changes via the
> existing local "is_setid".
>
> The following LTP tests were run to validate the changes:
>
> # ./runltp -f syscalls -s cap
> # ./runltp -f securebits
> # ./runltp -f cap_bounds
> # ./runltp -f filecaps
>
> All kernel selftests for capabilities and exec continue to pass as well.
>
> Cc: Andy Lutomirski <luto at kernel.org>
> Signed-off-by: Kees Cook <keescook at chromium.org>
> Reviewed-by: James Morris <james.l.morris at oracle.com>
> Acked-by: Serge Hallyn <serge at hallyn.com>
Reviewed-by: Andy Lutomirski <luto at kernel.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list