mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-13 14:14:37 +00:00
Code Issues Releases Wiki Activity
linux-stable/security
History
Kees Cook ee67ae7ef6 commoncap: Move cap_elevated calculation into bprm_set_creds 
Instead of a separate function, open-code the cap_elevated test, which
lets us entirely remove bprm->cap_effective (to use the local "effective"
variable instead), and more accurately examine euid/egid changes via the
existing local "is_setid".

The following LTP tests were run to validate the changes:

	# ./runltp -f syscalls -s cap
	# ./runltp -f securebits
	# ./runltp -f cap_bounds
	# ./runltp -f filecaps

All kernel selftests for capabilities and exec continue to pass as well.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: Andy Lutomirski <luto@kernel.org>
2017-08-01 12:03:09 -07:00
..
apparmor apparmor: Refactor to remove bprm_secureexec hook 2017-08-01 12:03:06 -07:00
integrity Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-07-05 11:26:35 -07:00
keys Now that IPC and other changes have landed, enable manual markings for 2017-07-19 08:55:18 -07:00
loadpin security: mark LSM hooks as __ro_after_init 2017-03-06 11:00:15 +11:00
selinux selinux: Refactor to remove bprm_secureexec hook 2017-08-01 12:03:07 -07:00
smack smack: Refactor to remove bprm_secureexec hook 2017-08-01 12:03:07 -07:00
tomoyo exec: Rename bprm->cred_prepared to called_set_creds 2017-08-01 12:02:48 -07:00
yama doc: ReSTify Yama.txt 2017-05-18 10:33:04 -06:00
commoncap.c commoncap: Move cap_elevated calculation into bprm_set_creds 2017-08-01 12:03:09 -07:00
device_cgroup.c security/device_cgroup: Fix RCU_LOCKDEP_WARN() condition 2015-09-03 18:13:10 -07:00
inode.c securityfs: add the ability to support symlinks 2017-06-08 12:51:43 -07:00
Kconfig include/linux/string.h: add the option of fortified string.h functions 2017-07-12 16:26:03 -07:00
lsm_audit.c selinux: Add IB Port SMP access vector 2017-05-23 12:28:02 -04:00
Makefile LSM: LoadPin for kernel file loading restrictions 2016-04-21 10:47:27 +10:00
min_addr.c
security.c security/selinux: allow security_sb_clone_mnt_opts to enable/disable native labeling behavior 2017-06-09 16:17:47 -04:00