fcaps: clear the same personality flags as suid when fcaps are used

If a process increases permissions using fcaps all of the dangerous personality flags which are cleared for suid apps should also be cleared. Thus programs given priviledge with fcaps will continue to have address space randomization enabled even if the parent tried to disable it to make it easier to attack. Signed-off-by: Eric Paris <eparis@redhat.com> Reviewed-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
author: Eric Paris <eparis@redhat.com> 2012-04-17 16:26:54 -0400
committer: Varun Wadekar <vwadekar@nvidia.com> 2012-04-25 11:46:01 +0530
commit: d9d6d6276efdb090d8114e9d1e6a65736e0a7154 (patch)
tree: ec91b2f098d32bb7a2e1ded4ca5969c5a689c996 /security
parent: 6889936493501f1d9abddff353cfd5fb266538c8 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/security/commoncap.c b/security/commoncap.c
index 2b07d91e9e46..5ec6bc24a43b 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -515,6 +515,11 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
 	}
 skip:
 
+	/* if we have fs caps, clear dangerous personality flags */
+	if (!cap_issubset(new->cap_permitted, old->cap_permitted))
+		bprm->per_clear |= PER_CLEAR_ON_SETID;
+
+
 	/* Don't let someone trace a set[ug]id/setpcap binary with the revised
 	 * credentials unless they have the appropriate permit
 	 */
author	Eric Paris <eparis@redhat.com>	2012-04-17 16:26:54 -0400
committer	Varun Wadekar <vwadekar@nvidia.com>	2012-04-25 11:46:01 +0530
commit	d9d6d6276efdb090d8114e9d1e6a65736e0a7154 (patch)
tree	ec91b2f098d32bb7a2e1ded4ca5969c5a689c996 /security
parent	6889936493501f1d9abddff353cfd5fb266538c8 (diff)