a6dbb1ef2f
In linux-2.6.24-rc1, security/commoncap.c:cap_inh_is_capped() was introduced. It has the exact reverse of its intended behavior. This led to an unintended privilege esculation involving a process' inheritable capability set. To be exposed to this bug, you need to have Filesystem Capabilities enabled and in use. That is: - CONFIG_SECURITY_FILE_CAPABILITIES must be defined for the buggy code to be compiled in. - You also need to have files on your system marked with fI bits raised. Signed-off-by: Andrew G. Morgan <morgan@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@akpm@linux-foundation.org> |
||
|---|---|---|
| .. | ||
| keys | ||
| selinux | ||
| capability.c | ||
| commoncap.c | ||
| dummy.c | ||
| inode.c | ||
| Kconfig | ||
| Makefile | ||
| root_plug.c | ||
| security.c | ||