* liangbin01@private (liangbin01@private) wrote: > When POSIX Capability LSM module isn't compiled into kernel, after inserting > Capability module into kernel, all existed normal users processes will have > total Capability privileges of superuser (root). Thanks for the complete bugreport and patch. Below is a (quick hack at a) fix for dummy.c that will at least keep track of the task->cap_* fields. This enables the use of nfs locking when dummy.c is only security interface loaded, since that manually manipulates cap_effective with cap_raise(). Before this priv escalation was lost between the cap_raise() and the subsequent capable() call. As a side effect, this will leave the cap_* fields properly initialized when/if the capability module is loaded. thoughts? thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net ===== security/dummy.c 1.47 vs edited ===== --- 1.47/security/dummy.c Wed Oct 8 16:01:50 2003 +++ edited/security/dummy.c Mon Dec 8 14:34:02 2003 @@ -96,12 +96,18 @@ static int dummy_capable (struct task_struct *tsk, int cap) { +#if 0 if (cap_is_fs_cap (cap) ? tsk->fsuid == 0 : tsk->euid == 0) /* capability granted */ return 0; /* capability denied */ return -EPERM; +#endif + if (cap_raised (tsk->cap_effective, cap)) + return 0; + else + return -EPERM; } static int dummy_sysctl (ctl_table * table, int op) @@ -201,6 +207,7 @@ static void dummy_bprm_compute_creds (struct linux_binprm *bprm) { + dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted); return; } @@ -548,6 +555,7 @@ static int dummy_task_post_setuid (uid_t id0, uid_t id1, uid_t id2, int flags) { + dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted); return 0; }
This archive was generated by hypermail 2b30 : Mon Dec 08 2003 - 16:09:55 PST