Re: [PATCH] Properly split capset_check+capset_set
From: Chris Wright
Date: Wed Dec 15 2004 - 18:49:23 EST
* Serge E. Hallyn (serue@xxxxxxxxxx) wrote:
> Quoting Stephen Smalley (sds@xxxxxxxxxxxxxx):
> > necessary to preserve any error return in the cases where capset() is
> > being applied to multiple processes, but in the case where it is being
> > applied to a single specific process, it would be nice if any error
> > return from security_capset_check() would be returned to the caller.
>
> In the case of pid<0, would we want to do something like "return an error
> if none of the sets was allowed, else return 0", or is that too ugly?
The signal code returns an error if any delivery failed. So, there's at
least precedence for that type of behaviour.
> > I also wonder whether the existing hardcoded checks should be moved into
> > the new security_capset_check() hook function for dummy and commoncap so
> > that they will be applied to the real target, even when pid < 0.
> > Otherwise, those hardcoded checks seem bogus in the pid < 0 case, as
> > they are then applied to current rather than to the true targets.
>
> True, this (testing applicability of caps to the real targets in pid<0 case)
> certainly seems like a good thing, so the attached patch leaves that
> check in cap_capset_check, and just removes it from sys_capset() instead.
Yeah, it is inconsistent right now. Don't forget, the dummy code doesn't
even allow for capability setting.
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/