oss-sec mailing list archives
Re: CVE request: kernel: missing capabilities in fs_mask
From: Eugene Teo <eugene () redhat com>
Date: Sat, 25 Apr 2009 17:22:47 +0800
Hi Steve,

Steven M. Christey wrote:
> On Thu, 23 Apr 2009, Eugene Teo wrote:
>
> > "When POSIX capabilities were introduced during the 2.1 Linux cycle, the fs mask, which represents the capabilities which having fsuid==0 is supposed to grant, did not include CAP_MKNOD and CAP_LINUX_IMMUTABLE. However, before capabilities the privilege to call these did in fact depend upon fsuid==0.
>
> How is this different than CVE-2009-1072? That CVE is based on the same bug report by Igor Zhbanov, although the description doesn't mention CAP_LINUX_IMMUTABLE.

Hmm. CVE-2009-1072 refers to the missing CAP_MKNOD capability in CAP_NFSD_MASK, and this bug refers to the missing CAP_MKNOD and CAP_LINUX_IMMUTABLE capabilities in CAP_FS_MASK. Come to think about it, both are similar, and probably makes sense to have it part of CVE-2009-1072 too?

Thanks, Eugene
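An added example, not part of the thread or of the kernel source: a simplified C model of how an fsuid change applies the fs mask to the effective capability set, comparing the mask described in the quoted report with one that includes CAP_MKNOD and CAP_LINUX_IMMUTABLE. The function names and the 0x1f composition of the older mask are this example's assumptions; the capability numbers are those of `<linux/capability.h>`.

```c
#include <stdint.h>
#include <stdio.h>

/* Capability numbers as defined in <linux/capability.h>. */
enum { CAP_LINUX_IMMUTABLE = 9, CAP_MKNOD = 27 };
#define CAP_BIT(c) ((uint64_t)1 << (c))

/* Assumption: older mask = capabilities 0..4 (CAP_CHOWN, CAP_DAC_OVERRIDE,
 * CAP_DAC_READ_SEARCH, CAP_FOWNER, CAP_FSETID), without the two below. */
#define FS_MASK_OLD   ((uint64_t)0x1f)
#define FS_MASK_FIXED (FS_MASK_OLD | CAP_BIT(CAP_MKNOD) | CAP_BIT(CAP_LINUX_IMMUTABLE))

/* Simplified model (hypothetical helper): leaving fsuid 0 clears the masked
 * bits from the effective set; returning to fsuid 0 restores the masked
 * bits that are still in the permitted set. */
uint64_t effective_after_setfsuid(uint64_t effective, uint64_t permitted,
                                  unsigned old_fsuid, unsigned new_fsuid,
                                  uint64_t fs_mask)
{
    if (old_fsuid == 0 && new_fsuid != 0)
        return effective & ~fs_mask;
    if (old_fsuid != 0 && new_fsuid == 0)
        return effective | (permitted & fs_mask);
    return effective;
}

/* Capabilities from the fixed mask that are still effective after a fully
 * privileged process switches fsuid from 0 to an ordinary user (1000 is a
 * constructed value). A non-zero result means fsuid no longer gates them. */
uint64_t lingering_fs_caps(uint64_t fs_mask)
{
    uint64_t full = ~(uint64_t)0;
    uint64_t eff = effective_after_setfsuid(full, full, 0, 1000, fs_mask);
    return eff & FS_MASK_FIXED;
}

int main(void)
{
    printf("old mask:   lingering = 0x%llx\n",
           (unsigned long long)lingering_fs_caps(FS_MASK_OLD));
    printf("fixed mask: lingering = 0x%llx\n",
           (unsigned long long)lingering_fs_caps(FS_MASK_FIXED));
    return 0;
}
```

With the older mask the result has exactly the CAP_MKNOD and CAP_LINUX_IMMUTABLE bits set, which is the gap the report describes; with the extended mask nothing lingers.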