[PATCH] security/commoncap: don't assume "setid" if all ids are identical
kernel test robot
lkp at intel.com
Fri Mar 7 10:32:04 UTC 2025
Hi Max,
kernel test robot noticed the following build warnings:
[auto build test WARNING on pcmoore-selinux/next]
[also build test WARNING on linus/master v6.14-rc5 next-20250306]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting a patch, we suggest using '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Max-Kellermann/security-commoncap-don-t-assume-setid-if-all-ids-are-identical/20250306-162826
base: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git next
patch link: https://lore.kernel.org/r/20250306082615.174777-1-max.kellermann%40ionos.com
patch subject: [PATCH] security/commoncap: don't assume "setid" if all ids are identical
config: arc-allnoconfig (https://download.01.org/0day-ci/archive/20250307/202503071808.FE4vwUc4-lkp@intel.com/config)
compiler: arc-elf-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250307/202503071808.FE4vwUc4-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <lkp at intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202503071808.FE4vwUc4-lkp@intel.com/
All warnings (new ones prefixed by >>):
>> security/commoncap.c:865: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst
* Are all user/group ids in both cred instances identical?
vim +865 security/commoncap.c
   863
   864  /**
 > 865   * Are all user/group ids in both cred instances identical?
   866   *
   867   * It can be used after __is_setuid() / __is_setgid() to check whether
   868   * this is really a set*id operation or whether both processes just
   869   * have differing real/effective ids. It is safe to keep differing
   870   * real/effective ids in "unsafe" program execution.
   871   */
   872  static bool has_identical_uids_gids(const struct cred *a, const struct cred *b)
   873  {
   874          return uid_eq(a->uid, b->uid) &&
   875                  gid_eq(a->gid, b->gid) &&
   876                  uid_eq(a->suid, b->suid) &&
   877                  gid_eq(a->sgid, b->sgid) &&
   878                  uid_eq(a->euid, b->euid) &&
   879                  gid_eq(a->egid, b->egid) &&
   880                  uid_eq(a->fsuid, b->fsuid) &&
   881                  gid_eq(a->fsgid, b->fsgid);
   882  }
   883
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki