Re: sys_setpriority error

From: Chris Wright (chrisat_private)
Date: Wed May 30 2001 - 20:21:42 PDT


    * Titus D. Winters (titusat_private) wrote:
    > > I understand what you're driving at.  But I hesitate to make logic changes to
    > > the kernel.  Consider original code reads...
    > >
    > >   if (p->uid != current->euid &&
    > >      p->uid != current->uid && !capable(CAP_SYS_NICE)) {
    > >
    > > This really doesn't have any test for root.  It just checks that both your uid
    > > and euid don't match the target process's uid _and_ you aren't capable.
    > 
    > Well, if that is the way it is in the kernel, that's good.  Still, since
    > we are changing the entire capabilities system anyway, it is a nice time
    > to make the system a bit smarter.
    
    I am reluctant to change logic in the kernel when I don't have a complete
    understanding of the rationale for why it is the way it is now.  Call me
    paranoid, but subtle logic changes easily == security bugs.
    
    As a side note, Roy's proposal could incorrectly assign 0 to error.
    
    > But I agree, if we are not going to watch for stuff like this then we
    > really need to examine the dummy functions.  : )
    
    Ooh, that sounds like a volunteer ;-)
    
    -chris
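
The quoted condition has no root test, only uid/euid matches and the capability. The following is an added example, not code from this thread or the kernel: a user-space model that exhaustively compares a rewritten check against the original before such logic is changed. `struct task`, the function names and both rewrites are hypothetical, and `capable(CAP_SYS_NICE)` is modelled as a boolean flag.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed user-space stand-ins for the kernel's task fields. */
struct task { unsigned uid, euid; bool cap_sys_nice; };

/* The quoted condition: true means the request is refused. */
static bool denied_original(const struct task *p, const struct task *cur)
{
    return p->uid != cur->euid &&
           p->uid != cur->uid && !cur->cap_sys_nice;
}

/* Hypothetical rewrite stated as "allowed if ..." (De Morgan of the above). */
static bool allowed_rewrite(const struct task *p, const struct task *cur)
{
    return p->uid == cur->euid || p->uid == cur->uid || cur->cap_sys_nice;
}

/* Hypothetical faulty rewrite: adds a uid 0 shortcut that the original lacks. */
static bool allowed_root_shortcut(const struct task *p, const struct task *cur)
{
    return cur->euid == 0 || allowed_rewrite(p, cur);
}

typedef bool (*allow_fn)(const struct task *, const struct task *);

/* Count states where a candidate disagrees with the original check. */
static int count_mismatches(allow_fn candidate)
{
    int bad = 0;
    for (unsigned tuid = 0; tuid < 3; tuid++)
      for (unsigned uid = 0; uid < 3; uid++)
        for (unsigned euid = 0; euid < 3; euid++)
          for (int cap = 0; cap < 2; cap++) {
              struct task p = { tuid, tuid, false };
              struct task cur = { uid, euid, cap != 0 };
              if (candidate(&p, &cur) != !denied_original(&p, &cur))
                  bad++;
          }
    return bad;
}

int main(void)
{
    printf("De Morgan rewrite mismatches: %d\n", count_mismatches(allowed_rewrite));
    printf("root-shortcut mismatches:     %d\n", count_mismatches(allowed_root_shortcut));
    return 0;
}
```

The mismatches reported for the second rewrite are the states where a caller with euid 0 but without the capability is let through, which the original condition refuses.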
    