diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2016-11-17 01:38:35 -0600 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2017-01-24 12:03:07 +1300 |
commit | 70169420f555210147f3cab74bb0f6debd488bdb (patch) | |
tree | 364f9a2a9d576c91178ba0b5d3c1d671da7301ba /security | |
parent | 1cce1eea0aff51201753fcaca421df825b0813b6 (diff) | |
download | talos-op-linux-70169420f555210147f3cab74bb0f6debd488bdb.tar.gz talos-op-linux-70169420f555210147f3cab74bb0f6debd488bdb.zip |
exec: Don't reset euid and egid when the tracee has CAP_SETUID
Don't reset euid and egid when the tracee has CAP_SETUID in
it's user namespace. I punted on relaxing this permission check
long ago but now that I have read this code closely it is clear
it is safe to test against CAP_SETUID in the user namespace.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/commoncap.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index 8df676fbd393..feb6044f701d 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -550,7 +550,7 @@ skip: !cap_issubset(new->cap_permitted, old->cap_permitted)) && bprm->unsafe & ~LSM_UNSAFE_PTRACE_CAP) { /* downgrade; they get no more than they had, and maybe less */ - if (!capable(CAP_SETUID) || + if (!ns_capable(new->user_ns, CAP_SETUID) || (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)) { new->euid = new->uid; new->egid = new->gid; |