summaryrefslogtreecommitdiffstats
path: root/security/commoncap.c
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2017-01-23 05:17:26 +0100
committerEric W. Biederman <ebiederm@xmission.com>2017-01-24 00:03:08 +0100
commit20523132ec5d1b481e1d66557292ed3a3021e817 (patch)
tree9f34d81fd0c96881c8d66413184b5f736e6f626c /security/commoncap.c
parentexec: Don't reset euid and egid when the tracee has CAP_SETUID (diff)
downloadlinux-20523132ec5d1b481e1d66557292ed3a3021e817.tar.xz
linux-20523132ec5d1b481e1d66557292ed3a3021e817.zip
exec: Test the ptracer's saved cred to see if the tracee can gain caps
Now that we have user namespaces and non-global capabilities verify the tracer has capabilities in the relevant user namespace instead of in the current_user_ns(). As the test for setting LSM_UNSAFE_PTRACE_CAP is currently ptracer_capable(p, current_user_ns()) and the new task credentials are in current_user_ns() this change does not have any user visible change and simply moves the test to where it is used, making the code easier to read. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'security/commoncap.c')
-rw-r--r--security/commoncap.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/security/commoncap.c b/security/commoncap.c
index feb6044f701d..cbb203c91406 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -548,7 +548,8 @@ skip:
if ((is_setid ||
!cap_issubset(new->cap_permitted, old->cap_permitted)) &&
- bprm->unsafe & ~LSM_UNSAFE_PTRACE_CAP) {
+ ((bprm->unsafe & ~(LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) ||
+ !ptracer_capable(current, new->user_ns))) {
/* downgrade; they get no more than they had, and maybe less */
if (!ns_capable(new->user_ns, CAP_SETUID) ||
(bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)) {