Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem fixes from James Morris. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: fcaps: clear the same personality flags as suid when fcaps are used mpi: Avoid using freed pointer in mpi_lshift_limbs() Smack: move label list initialization
author: Linus Torvalds <torvalds@linux-foundation.org> 2012-04-19 00:23:44 +0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2012-04-19 00:23:44 +0400
commit: b6a89584c36f307f2c2bbb136ea50985ca4bc7b4 (patch)
tree: 3913dbb9ebe07927e16ed0518fc1a1af00787dc6 /security/commoncap.c
parent: 0db7bd8ca0033c1530bcefcbd49002364dba908a (diff)
parent: d52fc5dde171f030170a6cb78034d166b13c9445 (diff)
download: linux-b6a89584c36f307f2c2bbb136ea50985ca4bc7b4.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/security/commoncap.c b/security/commoncap.c
index 0cf4b53480a7..0ecf4ba321cb 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -505,6 +505,11 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
 	}
 skip:
 
+	/* if we have fs caps, clear dangerous personality flags */
+	if (!cap_issubset(new->cap_permitted, old->cap_permitted))
+		bprm->per_clear |= PER_CLEAR_ON_SETID;
+
+
 	/* Don't let someone trace a set[ug]id/setpcap binary with the revised
 	 * credentials unless they have the appropriate permit
 	 */
author	Linus Torvalds <torvalds@linux-foundation.org>	2012-04-19 00:23:44 +0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2012-04-19 00:23:44 +0400
commit	b6a89584c36f307f2c2bbb136ea50985ca4bc7b4 (patch)
tree	3913dbb9ebe07927e16ed0518fc1a1af00787dc6 /security/commoncap.c
parent	0db7bd8ca0033c1530bcefcbd49002364dba908a (diff)
parent	d52fc5dde171f030170a6cb78034d166b13c9445 (diff)
download	linux-b6a89584c36f307f2c2bbb136ea50985ca4bc7b4.tar.xz