Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'caps-pr-20250729' of git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux

Pull capabilities update from Serge Hallyn:

- Fix broken link in documentation in capability.h

- Correct the permission check for unsafe exec

During exec, different effective and real credentials were assumed to
mean changed credentials, making it impossible in the no-new-privs
case to keep different uid and euid

* tag 'caps-pr-20250729' of git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux:
uapi: fix broken link in linux/capability.h
exec: Correct the permission check for unsafe exec

+11 -14
+3 -2
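--- a/include/uapi/linux/capability.h
+++ b/include/uapi/linux/capability.h
@@ -6,9 +6,10 @@
  * Alexander Kjeldaas <astor@guardian.no>
  * with help from Aleph1, Roland Buresund and Andrew Main.
  *
- * See here for the libcap library ("POSIX draft" compliance):
+ * See here for the libcap2 library (compliant with Section 25 of
+ * the withdrawn POSIX 1003.1e Draft 17):
  *
- * ftp://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/
+ * https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/
  */
 
 #ifndef _UAPI_LINUX_CAPABILITY_H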
+8 -12
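--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -856,12 +856,6 @@
 #define __cap_full(field, cred) \
 	cap_issubset(CAP_FULL_SET, cred->cap_##field)
 
-static inline bool __is_setuid(struct cred *new, const struct cred *old)
-{ return !uid_eq(new->euid, old->uid); }
-
-static inline bool __is_setgid(struct cred *new, const struct cred *old)
-{ return !gid_eq(new->egid, old->gid); }
-
 /*
  * 1) Audit candidate if current->cap_effective is set
  *
@@ -891,7 +885,7 @@
 	    (root_privileged() &&
 	     __is_suid(root, new) &&
 	     !__cap_full(effective, new)) ||
-	    (!__is_setuid(new, old) &&
+	    (uid_eq(new->euid, old->euid) &&
 	     ((has_fcap &&
 	       __cap_gained(permitted, new, old)) ||
 	      __cap_gained(ambient, new, old))))
@@ -917,7 +911,7 @@
 	/* Process setpcap binaries and capabilities for uid 0 */
 	const struct cred *old = current_cred();
 	struct cred *new = bprm->cred;
-	bool effective = false, has_fcap = false, is_setid;
+	bool effective = false, has_fcap = false, id_changed;
 	int ret;
 	kuid_t root_uid;
 
@@ -941,9 +935,9 @@
 	 *
 	 * In addition, if NO_NEW_PRIVS, then ensure we get no new privs.
 	 */
-	is_setid = __is_setuid(new, old) || __is_setgid(new, old);
+	id_changed = !uid_eq(new->euid, old->euid) || !in_group_p(new->egid);
 
-	if ((is_setid || __cap_gained(permitted, new, old)) &&
+	if ((id_changed || __cap_gained(permitted, new, old)) &&
 	    ((bprm->unsafe & ~LSM_UNSAFE_PTRACE) ||
 	     !ptracer_capable(current, new->user_ns))) {
 		/* downgrade; they get no more than they had, and maybe less */
@@ -960,7 +954,7 @@
 	new->sgid = new->fsgid = new->egid;
 
 	/* File caps or setid cancels ambient. */
-	if (has_fcap || is_setid)
+	if (has_fcap || id_changed)
 		cap_clear(new->cap_ambient);
 
 	/*
@@ -993,7 +987,9 @@
 		return -EPERM;
 
 	/* Check for privilege-elevated exec. */
-	if (is_setid ||
+	if (id_changed ||
+	    !uid_eq(new->euid, old->uid) ||
+	    !gid_eq(new->egid, old->gid) ||
 	    (!__is_real(root_uid, new) &&
 	     (effective ||
 	      __cap_grew(permitted, ambient, new))))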
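Review bot: `in_group_p(new->egid)` in the `id_changed` assignment is not the mirror image of the `uid_eq(new->euid, old->euid)` test beside it: it reads the calling task's credentials implicitly rather than `old`, and as far as I know it matches fsgid and the supplementary groups rather than egid, so a set-group-ID file whose group the caller already holds no longer counts as an id change for the no-new-privs/ptrace downgrade or for clearing ambient capabilities. That looks intended, but none of the visible comments say so; I would add above the assignment `/* gid counts as unchanged when egid is a group current already holds; in_group_p() checks current's creds, which is old here */`. The "privilege-elevated exec" condition in the last hunk keeps the `old->uid`/`old->gid` comparisons next to `id_changed`, and a line such as `/* still compare against the real ids so this check fires exactly as before */` would make that asymmetry explicit; the reason is inferred from the commit description, so please confirm it. The enclosing function starts and ends outside these hunks.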