Commit a6dbb1ef authored by Andrew G. Morgan, committed by Linus Torvalds

Fix filesystem capability support



In linux-2.6.24-rc1, security/commoncap.c:cap_inh_is_capped() was
introduced. It has the exact reverse of its intended behavior. This
led to an unintended privilege escalation involving a process'
inheritable capability set.

To be exposed to this bug, you need to have Filesystem Capabilities
enabled and in use. That is:

- CONFIG_SECURITY_FILE_CAPABILITIES must be defined for the buggy code
  to be compiled in.

- You also need to have files on your system marked with fI bits raised.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent a1033604
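
To check the second exposure condition above (files with fI bits raised), the following added example, which is not part of the commit or the kernel tree, walks a directory and reports files whose `security.capability` xattr has a non-empty inheritable set. The function names are hypothetical; the xattr layout assumed is `struct vfs_cap_data` from `linux/capability.h`, and the parser also handles the 64-bit revision 2 and 3 layouts.

```python
import os
import struct
import sys

VFS_CAP_REVISION_MASK = 0xFF000000
# revision magic -> number of 32-bit (permitted, inheritable) pairs
VFS_CAP_PAIRS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}


def inheritable_mask(xattr: bytes) -> int:
    """Return the fI bitmask encoded in a security.capability value."""
    if len(xattr) < 4:
        raise ValueError("truncated vfs_cap_data")
    (magic_etc,) = struct.unpack_from("<I", xattr, 0)
    pairs = VFS_CAP_PAIRS.get(magic_etc & VFS_CAP_REVISION_MASK)
    if pairs is None:
        raise ValueError(f"unknown revision in magic_etc {magic_etc:#010x}")
    if len(xattr) < 4 + 8 * pairs:
        raise ValueError("truncated vfs_cap_data")
    mask = 0
    for i in range(pairs):
        # Each pair is little-endian (permitted, inheritable); keep only fI.
        _permitted, inheritable = struct.unpack_from("<II", xattr, 4 + 8 * i)
        mask |= inheritable << (32 * i)
    return mask


def files_with_fi(root: str):
    """Yield (path, fI mask) for files under root with any fI bit raised."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                raw = os.getxattr(path, "security.capability",
                                  follow_symlinks=False)
                mask = inheritable_mask(raw)
            except (OSError, ValueError):
                continue  # no capability xattr, unreadable, or malformed
            if mask:
                yield path, mask


if __name__ == "__main__":
    # Default root is an assumption; pass another directory as argv[1].
    for path, mask in files_with_fi(sys.argv[1] if len(sys.argv) > 1 else "/usr"):
        print(f"{mask:#018x}  {path}")
```

An empty result for every mounted filesystem means the second condition is not met on that host.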