[PATCH 1/8] p9auth: set fsuid
in [Kernel]
|
Prev: x86_64: allow sections that are recycled to set _PAGE_RW
Next: [PATCH]"X86",Resend_Add_iMac9,1_to_pci_reboot_dmi_table
From: Serge Hallyn on 16 Feb 2010 17:50 From: Serge E. Hallyn <serue(a)us.ibm.com> fsuid should always trail euid changes. So p9auth should set fsuid as well when it sets ruid and euid. Whether the suid should also be set is an open question - keeping the old uid in suid may be useful, or may just serve to trick lazy userspace. Note that so long as we do not also set suid, the setuid_fixup() code will not (when we later switch to setresuid()) fully fill/clear capability sets. So while I had previously thought that keeping suid unchanged would be useful, I think it is better to change all uids. Signed-off-by: Serge E. Hallyn <serue(a)us.ibm.com> Cc: Greg KH <greg(a)kroah.com> cc: rsc(a)swtch.com Cc: Ashwin Ganti <ashwin.ganti(a)gmail.com> Cc: ericvh(a)gmail.com Cc: devel(a)linuxdriverproject.org Cc: linux-kernel(a)vger.kernel.org Cc: Ron Minnich <rminnich(a)gmail.com> --- drivers/staging/p9auth/p9auth.c | 14 +++++++++----- 1 files changed, 9 insertions(+), 5 deletions(-) diff --git a/drivers/staging/p9auth/p9auth.c b/drivers/staging/p9auth/p9auth.c index db79626..70ef45b 100644 --- a/drivers/staging/p9auth/p9auth.c +++ b/drivers/staging/p9auth/p9auth.c @@ -275,10 +275,14 @@ static ssize_t cap_write(struct file *filp, const char __user *buf, goto out; } /* - * What all id's need to be changed here? uid, - * euid, fsid, savedids ?? Currently I am - * changing the effective user id since most of - * the authorisation decisions are based on it + * Change all uids. It might be useful to + * keep suid unchanged, however that will + * mean that changing from uid=0 to uid=!0 + * pP is not emptied (only pE is), and when + * changing from uid=!0 to uid=0, sets are + * not filled. They will be correct after + * the next exec, but this is IMO not + * sufficient. So change all uids. */ new = prepare_creds(); if (!new) { @@ -286,7 +290,7 @@ static ssize_t cap_write(struct file *filp, const char __user *buf, goto out; } new->uid = (uid_t) target_int; - new->euid = (uid_t) target_int; + new->suid = new->fsuid = new->euid = new->uid; retval = commit_creds(new); if (retval) goto out; -- 1.6.1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ |