Date: Tue, 1 Jul 2008 15:04:06 -0700
From: Andrew Morton
To: "Andrew G. Morgan"
Cc: dhowells@redhat.com, serue@us.ibm.com, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: Re: [PATCH 1/4] security: filesystem capabilities bugfix1
Message-Id: <20080701150406.2435593a.akpm@linux-foundation.org>
In-Reply-To: <48635799.3010500@kernel.org>

I'll assume that patches 1 and 2 are needed in 2.6.26 and that patches 3 and 4 are for 2.6.27.

Patches 1 and/or 2 caused a reject in security-protect-legacy-applications-from-executing-with-insufficient-privilege.patch:

*************** *** 350,357 **** bprm->e_gid = current->gid; } if (!capable (CAP_SETPCAP)) { - new_permitted = cap_intersect (new_permitted, - current->cap_permitted); } } } --- 364,372 ---- bprm->e_gid = current->gid; } if (!capable (CAP_SETPCAP)) { + bprm->cap_post_exec_permitted = cap_intersect( + bprm->cap_post_exec_permitted, + current->cap_permitted); } } }

which looked simple to fix. I'll resend the resulting diff - please check.
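
Review bot: in the `if (!capable (CAP_SETPCAP))` branch the destination of the intersection with `current->cap_permitted` differs between the two sides of the reject (`new_permitted` on the old side, `bprm->cap_post_exec_permitted` on the new side), so the hand-resolved version has to write to whichever of the two the rebased function actually applies afterwards. If the result lands in a variable that is no longer read, the branch still compiles but stops limiting the permitted set for a task without CAP_SETPCAP. It is worth checking the resent diff for any remaining use of `new_permitted` in this function before it is merged.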