oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: filesystem capabilities

From: Kees Cook <kees () ubuntu com>
Date: Wed, 10 Nov 2010 10:01:28 -0800
On Mon, Nov 08, 2010 at 12:37:35PM +0100, Sebastian Krahmer wrote:

To me it looks like an error condition
where you should die() if you see +s root AND fscaps applied.


Right now the kernel will only apply the caps and will ignore the setuid
bit, actually, if both are seen:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b5f22a59c0356655a501190959db9f7f5dd07e3f

-Kees

-- 
Kees Cook
Ubuntu Security Team
Previous By Date Next
Previous By Thread Next

Current thread: