Re: PROBLEM: A Capability LSM Module serious bug

From: Liang Bin (liangbin01@private)
Date: Mon Dec 08 2003 - 19:04:01 PST

  • Next message: Marco Fister: "LSM Openwall Port"

    I make a mistake about the case of sunrpc. Right, it check privilege with capable.
    > It uses capable(cap), that's not the problem exactly.  It uses
    > cap_raise() to directly manipulate the cap_effective bits (without the
    > module knowing).  Then it uses capable(cap) later to test the
    > capabliity.  The dummy module completely ignores the cap_* fields, so
    > the capable(cap) test became the suser() test.  This means it never saw
    > the updated cap_effecitve bitfield.
    > So this patch switches the logic around to acutally use the cap_* bits on
    > the capable() call, and manage them on exec and setuid by looking at
    > uids.  This has the side affect that it fixes the issue you saw, as the
    > cap_* bits are initialized (to the granularity possbile in the dummy
    > functions).
    > The alternative here is to have a formalized method for asking a module
    > to raise a lower privs.
    > thanks,
    > -chris
    > -- 
    > Linux Security Modules

    This archive was generated by hypermail 2b30 : Mon Dec 08 2003 - 19:04:59 PST