tmp_suning_uos_patched/security
Serge E. Hallyn b5f22a59c0 don't raise all privs on setuid-root file with fE set (v2)
Distributions face a backward compatibility problem with starting to use
file capabilities.  For instance, removing setuid root from ping and
doing setcap cap_net_raw=pe means that booting with an older kernel
or one compiled without file capabilities means ping won't work for
non-root users.

In order to replace the setuid root bit on a capability-unaware
program, one has to set the effective, or legacy, file capability,
which makes the capability effective immediately.  This patch
uses the legacy bit as a queue to not automatically add full
privilege to a setuid-root program.

So, with this patch, an ordinary setuid-root program will run with
privilege.  But if /bin/ping has both setuid-root and cap_net_raw in
fP and fE, then ping (when run by non-root user) will not run
with only cap_net_raw.

Changelog:
	Apr 2 2009: Print a message once when such a binary is loaded,
		as per James Morris' suggestion.
	Apr 2 2009: Fix the condition to only catch uid!=0 && euid==0.

Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <jmorris@namei.org>
2009-04-03 11:49:31 +11:00
..
integrity/ima integrity: ima iint radix_tree_lookup locking fix 2009-02-23 09:54:53 +11:00
keys keys: make procfiles per-user-namespace 2009-02-27 12:35:15 +11:00
selinux Permissive domain in userspace object manager 2009-04-02 09:23:45 +11:00
smack smack: Add a new '-CIPSO' option to the network address label configuration 2009-03-28 15:01:37 +11:00
tomoyo TOMOYO: Fix a typo. 2009-03-27 19:03:44 +11:00
capability.c lsm: Remove the socket_post_accept() hook 2009-03-28 15:01:37 +11:00
commoncap.c don't raise all privs on setuid-root file with fE set (v2) 2009-04-03 11:49:31 +11:00
device_cgroup.c devices cgroup: allow mkfifo 2009-01-08 08:31:03 -08:00
inode.c Merge branch 'master' into next 2009-02-06 11:01:45 +11:00
Kconfig Kconfig and Makefile 2009-02-12 15:19:00 +11:00
Makefile security: change link order of LSMs so security=tomoyo works 2009-02-12 16:29:04 +11:00
root_plug.c Revert "CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #2]" 2009-01-07 09:21:54 +11:00
security.c lsm: Remove the socket_post_accept() hook 2009-03-28 15:01:37 +11:00