Re: [PATCH] security: protect legacy apps from insufficientprivilege

From: Andrew Morton
Date: Thu May 22 2008 - 01:42:22 EST


On Wed, 21 May 2008 08:50:25 -0700 "Andrew G. Morgan" <morgan@xxxxxxxxxx> wrote:

> + CAP_FOR_EACH_U32(i) {
> + if (i >= tocopy) {
> + /*
> + * Legacy capability sets have no upper bits
> + */
> + bprm->cap_post_exec_permitted.cap[i] = 0;
> + } else {
> + __u32 value_cpu;
> + /*
> + * pP' = (X & fP) | (pI & fI)
> + */
> + value_cpu = le32_to_cpu(caps->data[i].permitted);
> + bprm->cap_post_exec_permitted.cap[i] = (
> + current->cap_bset.cap[i] & value_cpu
> + ) | (
> + current->cap_inheritable.cap[i] &
> + le32_to_cpu(caps->data[i].inheritable)
> + );
> + if (value_cpu &
> + ~bprm->cap_post_exec_permitted.cap[i]) {
> + /*
> + * insufficient to execute correctly
> + */
> + ret = -EPERM;
> + }
> + }
> }

That makes my eyes say ow. The 80-col thing is a pain.

With a judiciously placed `continue' we can do this:

CAP_FOR_EACH_U32(i) {
__u32 value_cpu;

if (i >= tocopy) {
/*
* Legacy capability sets have no upper bits
*/
bprm->cap_post_exec_permitted.cap[i] = 0;
continue;
}
/*
* pP' = (X & fP) | (pI & fI)
*/
value_cpu = le32_to_cpu(caps->data[i].permitted);
bprm->cap_post_exec_permitted.cap[i] =
(current->cap_bset.cap[i] & value_cpu) |
(current->cap_inheritable.cap[i] &
le32_to_cpu(caps->data[i].inheritable));
if (value_cpu & ~bprm->cap_post_exec_permitted.cap[i]) {
/*
* insufficient to execute correctly
*/
ret = -EPERM;
}
}

OK?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/