I make a mistake about the case of sunrpc. Right, it check privilege with capable. > > It uses capable(cap), that's not the problem exactly. It uses > cap_raise() to directly manipulate the cap_effective bits (without the > module knowing). Then it uses capable(cap) later to test the > capabliity. The dummy module completely ignores the cap_* fields, so > the capable(cap) test became the suser() test. This means it never saw > the updated cap_effecitve bitfield. > > So this patch switches the logic around to acutally use the cap_* bits on > the capable() call, and manage them on exec and setuid by looking at > uids. This has the side affect that it fixes the issue you saw, as the > cap_* bits are initialized (to the granularity possbile in the dummy > functions). > > The alternative here is to have a formalized method for asking a module > to raise a lower privs. > > thanks, > -chris > -- > Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net > >
This archive was generated by hypermail 2b30 : Mon Dec 08 2003 - 19:04:59 PST