summaryrefslogtreecommitdiff
path: root/security/commoncap.c
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2016-11-17 01:38:35 -0600
committerEric W. Biederman <ebiederm@xmission.com>2017-01-24 12:03:07 +1300
commit70169420f555210147f3cab74bb0f6debd488bdb (patch)
tree364f9a2a9d576c91178ba0b5d3c1d671da7301ba /security/commoncap.c
parent1cce1eea0aff51201753fcaca421df825b0813b6 (diff)
downloadlwn-70169420f555210147f3cab74bb0f6debd488bdb.tar.gz
lwn-70169420f555210147f3cab74bb0f6debd488bdb.zip
exec: Don't reset euid and egid when the tracee has CAP_SETUID
Don't reset euid and egid when the tracee has CAP_SETUID in it's user namespace. I punted on relaxing this permission check long ago but now that I have read this code closely it is clear it is safe to test against CAP_SETUID in the user namespace. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'security/commoncap.c')
-rw-r--r--security/commoncap.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/commoncap.c b/security/commoncap.c
index 8df676fbd393..feb6044f701d 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -550,7 +550,7 @@ skip:
!cap_issubset(new->cap_permitted, old->cap_permitted)) &&
bprm->unsafe & ~LSM_UNSAFE_PTRACE_CAP) {
/* downgrade; they get no more than they had, and maybe less */
- if (!capable(CAP_SETUID) ||
+ if (!ns_capable(new->user_ns, CAP_SETUID) ||
(bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)) {
new->euid = new->uid;
new->egid = new->gid;