On Sun, Oct 7, 2012 at 2:56 AM, Andrew Vagin <[email protected]> wrote: > Without this patch it is really hard to interpret a bounding set, > if CAP_LAST_CAP is unknown for a current kernel. > > Non-existant capabilities can not be deleted from a bounding set > with help of prctl. > > E.g.: Here are two examples without/with this patch. > CapBnd: ffffffe0fdecffff > CapBnd: 00000000fdecffff > > I suggest to hide non-existent capabilities. Here is two reasons. > * It's logically and easier for using. > * It helps to checkpoint-restore capabilities of tasks, because tasks > can be restored on another kernel, where CAP_LAST_CAP is bigger. > > v2: Non-existent capabilities can not be removed from creds, because > in this case user cannot set all=eip. This patch cleans up non-existent > capabilities from content of /proc/pid/status > > Cc: Andrew G. Morgan <[email protected]> > Cc: Serge Hallyn <[email protected]> > Cc: Pavel Emelyanov <[email protected]> > Cc: Andrew Morton <[email protected]> > Cc: Kees Cook <[email protected]> > Cc: KAMEZAWA Hiroyuki <[email protected]> > Signed-off-by: Andrew Vagin <[email protected]>
Seems sensible to me. Reviewed-by: Kees Cook <[email protected]> -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
