Quoting Kees Cook ([email protected]): > On Sun, Oct 7, 2012 at 2:56 AM, Andrew Vagin <[email protected]> wrote: > > Without this patch it is really hard to interpret a bounding set, > > if CAP_LAST_CAP is unknown for a current kernel. > > > > Non-existant capabilities can not be deleted from a bounding set > > with help of prctl. > > > > E.g.: Here are two examples without/with this patch. > > CapBnd: ffffffe0fdecffff > > CapBnd: 00000000fdecffff > > > > I suggest to hide non-existent capabilities. Here is two reasons. > > * It's logically and easier for using. > > * It helps to checkpoint-restore capabilities of tasks, because tasks > > can be restored on another kernel, where CAP_LAST_CAP is bigger. > > > > v2: Non-existent capabilities can not be removed from creds, because > > in this case user cannot set all=eip. This patch cleans up non-existent > > capabilities from content of /proc/pid/status > > > > Cc: Andrew G. Morgan <[email protected]> > > Cc: Serge Hallyn <[email protected]>
Basic capsh tests seem to have no problem with it. Thanks, Andrew. Reviewed-by: Serge E. Hallyn <[email protected]> > > Cc: Pavel Emelyanov <[email protected]> > > Cc: Andrew Morton <[email protected]> > > Cc: Kees Cook <[email protected]> > > Cc: KAMEZAWA Hiroyuki <[email protected]> > > Signed-off-by: Andrew Vagin <[email protected]> > > Seems sensible to me. > > Reviewed-by: Kees Cook <[email protected]> > > -Kees > > -- > Kees Cook > Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
