Re: prctl(0x8) -> EINVAL [Was: 2.6.25-rc3-mm1]

From: Andrew Morgan
Date: Sun Mar 09 2008 - 12:29:20 EST


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Acked-by: Andrew G. Morgan <morgan@xxxxxxxxxx>

Cheers

Andrew

Serge E. Hallyn wrote:
|
| This patch address the !CONFIG_SECURITY case, but not the case of
| using the dummy LSM. The default these days is to have capabilities
| compiled in no matter what, but it is still possible to have
| CONFIG_SECURITY=y and CONFIG_SECURITY_CAPABILITIES=n, in which
| case prctl(0x8) will return -EINVAL. Do we want dummy to call
| cap_prctl() as well, or are we ok with userspace getting -EINVAL
| given that there are in fact no capabilities at that point and
| the userspace code is clearly expecting them?
|
| thanks,
| -serge
|
|>From 4a66f19580489a3ac84f0a145e4585c09e65c88e Mon Sep 17 00:00:00 2001
| From: Serge E. Hallyn <serue@xxxxxxxxxx>
| Date: Wed, 5 Mar 2008 06:02:32 -0800
| Subject: [PATCH 1/1] capabilities: use cap_task_prctl when
!CONFIG_SECURITY
|
| capabilities-implement-per-process-securebits.patch introduced
| cap_task_prctl() and moved the handling of capability-related
| prctl into it. So when !CONFIG_SECURITY, the default
| security_task_prctl() needs to call cap_task_prctl() the way
| other default hooks call capability helpers when they exist.
|
| This fixes a slew of userspace breakages when
| CONFIG_SECURITY=n.
|
| Signed-off-by: Serge E. Hallyn <serue@xxxxxxxxxx>
| ---
| include/linux/security.h | 2 +-
| 1 files changed, 1 insertions(+), 1 deletions(-)
|
| diff --git a/include/linux/security.h b/include/linux/security.h
| index 83763b0..861d6da 100644
| --- a/include/linux/security.h
| +++ b/include/linux/security.h
| @@ -2228,7 +2228,7 @@ static inline int security_task_prctl (int
option, unsigned long arg2,
| unsigned long arg4,
| unsigned long arg5, long *rc_p)
| {
| - return 0;
| + return cap_task_prctl(option, arg2, arg3, arg3, arg5, rc_p);
| }
|
| static inline void security_task_reparent_to_init (struct task_struct *p)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH1BA/mwytjiwfWMwRAkQ3AJ4h7rKORHnRvoQrPh/l1psZEwsRJACePk1T
AooB76FrfRd63O2kOpPvqNU=
=rxzU
-----END PGP SIGNATURE-----
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/