[PATCH] security/commoncap: don't assume "setid" if all ids are identical

Max Kellermann max.kellermann at ionos.com
Fri May 9 06:15:33 UTC 2025


On Fri, May 9, 2025 at 12:12 AM <sergeh at kernel.org> wrote:
> ABI stability is about the most important thing to Linus, so yes, if
> documentation and code disagree, then we should fix the documentation,
> except in the case where the current behavior just really is wrong
> or insecure.

It is insecure indeed (can be abused for LD_PRELOAD attacks):
https://lore.kernel.org/lkml/CAKPOu+8+1uVrDJHwmHJd2d46-N6AwjR4_bbtoSJS+sx6J=rkjg@mail.gmail.com/



More information about the Linux-security-module-archive mailing list