Re: [PATCH] security: kill security_task_fix_setuid()

From: James Morris
Date: Thu May 31 2012 - 04:48:13 EST

Next message: Alex Shi: "Re: [PATCH] x86/tlb: replace INVALIDATE_TLB_VECTOR by CALL_FUNCTION_VECTOR"
Previous message: Stephen Rothwell: "Re: [PATCH RFC] virtio-net: remove useless disable on freeze"
In reply to: kosaki . motohiro: "[PATCH] security: kill security_task_fix_setuid()"
Next in thread: KOSAKI Motohiro: "Re: [PATCH] security: kill security_task_fix_setuid()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 31 May 2012, kosaki.motohiro@xxxxxxxxx wrote:

> From: KOSAKI Motohiro <kosaki.motohiro@xxxxxxxxxxxxxx>
>
> commit 72fa5997 (move RLIMIT_NPROC check from set_user() to do_execve_common())
> pointed out set*uid() failure can cause a security problem.
> Thus, security_task_fix_setuid() potentially has the same issue. Any security
> module shouldn't use it. This patch kills it completely.
>
> Luckily, any security module don't use it. then, this patch doesn't make any
> userland visible change.

Capabilities uses it.

--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alex Shi: "Re: [PATCH] x86/tlb: replace INVALIDATE_TLB_VECTOR by CALL_FUNCTION_VECTOR"
Previous message: Stephen Rothwell: "Re: [PATCH RFC] virtio-net: remove useless disable on freeze"
In reply to: kosaki . motohiro: "[PATCH] security: kill security_task_fix_setuid()"
Next in thread: KOSAKI Motohiro: "Re: [PATCH] security: kill security_task_fix_setuid()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]