Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Wed, 26 Mar 2003 21:04:40 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Wed, 26 Mar 2003 21:04:40 -0500 Received: from cerebus.wirex.com ([65.102.14.138]:27120 "EHLO figure1.int.wirex.com") by vger.kernel.org with ESMTP id ; Wed, 26 Mar 2003 21:04:40 -0500 Date: Wed, 26 Mar 2003 18:14:09 -0800 From: Chris Wright To: Jakub Jelinek Cc: linux-kernel@vger.kernel.org Subject: Re: setfs[ug]id syscall return value and include/linux/security.h question Message-ID: <20030326181409.B20611@figure1.int.wirex.com> Mail-Followup-To: Jakub Jelinek , linux-kernel@vger.kernel.org References: <20030326181509.Q13397@devserv.devel.redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20030326181509.Q13397@devserv.devel.redhat.com>; from jakub@redhat.com on Wed, Mar 26, 2003 at 06:15:09PM -0500 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1256 Lines: 27 * Jakub Jelinek (jakub@redhat.com) wrote: > Hi! > > Before include/linux/security.h was added, setfsuid/setfsgid always returned > old_fsuid, no matter if the fsuid was actually changed or not. > With the default security ops it seems to do the same, because both > security_task_setuid and security_task_post_setuid return 0, but these are > hooks which seem to return 0 on success, -errno on failure, so if some > non-default security hook is installed and ever returns -errno > in setfsuid/setfsgid, -errno will be returned from the syscall instead > of the expected old_fsuid. This makes it hard to distinguish uids > 0xfffff001 .. 0xffffffff from errors of security hooks. > Shouldn't sys_setfsuid/sys_setfsgid be changed: Yes, thanks for the patch. I'll apply this to the LSM tree and push to Linus with the next batch of changes. It's unfortunate that the sys_setfs[ug]id interface can't report an error. thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/