author | Andrew G. Morgan <morgan@kernel.org> | 2008-01-22 02:18:30 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2008-01-22 04:39:41 +0100 |
commit | a6dbb1ef2fc8d73578eacd02ac701f4233175c9f (patch) | |
tree | eb2efa0193cdc7ab6b1f30068571194d0dabf230 /ipc | |
parent | s3c2410_fb: fix line length calculation (diff) | |

Fix filesystem capability support

In linux-2.6.24-rc1, security/commoncap.c:cap_inh_is_capped() was
introduced. It has the exact reverse of its intended behavior. This
led to an unintended privilege escalation involving a process'
inheritable capability set.

To be exposed to this bug, you need to have Filesystem Capabilities
enabled and in use. That is:

- CONFIG_SECURITY_FILE_CAPABILITIES must be defined for the buggy code
  to be compiled in.
- You also need to have files on your system marked with fI bits raised.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@akpm@linux-foundation.org>
Diffstat (limited to 'ipc')
0 files changed, 0 insertions, 0 deletions
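
An added example (not part of the commit or the kernel source): a Python check for the second exposure condition in the commit message, files with fI bits raised, done by decoding the `security.capability` extended attribute. The layout follows `struct vfs_cap_data` from `linux/capability.h` and, going beyond the 2.6.24 case, also accepts the later revision 2 and 3 layouts; the function names, scan root and sample values are constructed for illustration.

```python
import os
import struct

# security.capability xattr (struct vfs_cap_data, linux/capability.h):
# le32 magic_etc, then N pairs of (le32 permitted, le32 inheritable).
REVISION_MASK = 0xFF000000
FLAG_EFFECTIVE = 0x000001
PAIRS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}  # revision -> 32-bit pairs


def parse_vfs_cap(raw):
    """Return (permitted, inheritable, effective_flag) from a raw xattr value."""
    if len(raw) < 4:
        raise ValueError("xattr too short")
    (magic,) = struct.unpack_from("<I", raw, 0)
    pairs = PAIRS.get(magic & REVISION_MASK)
    if pairs is None or len(raw) < 4 + 8 * pairs:
        raise ValueError("unknown revision or truncated xattr")
    permitted = inheritable = 0
    for i in range(pairs):
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return permitted, inheritable, bool(magic & FLAG_EFFECTIVE)


def files_with_fi(root):
    """Yield (path, inheritable_mask) for files under root with fI bits raised."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                raw = os.getxattr(path, "security.capability", follow_symlinks=False)
                _, inheritable, _ = parse_vfs_cap(raw)
            except (OSError, ValueError):
                continue  # no xattr, unreadable, or malformed value
            if inheritable:
                yield path, inheritable


# Constructed sample xattr values (not taken from any real system):
SAMPLE_FI = struct.pack("<III", 0x01000000, 0, 1 << 12)  # fI = CAP_NET_ADMIN only
SAMPLE_FP = struct.pack("<III", 0x01000001, 1 << 13, 0)  # fP = CAP_NET_RAW, fE set

if __name__ == "__main__":
    for path, mask in files_with_fi("/usr"):  # scan root is an assumption
        print(f"{path}: fI=0x{mask:x}")
```

Reading `security.capability` across a whole tree generally needs root; files the scan cannot read are skipped rather than reported.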