linux_old1/security
Satyam Sharma 3bd858ab1c Introduce is_owner_or_cap() to wrap CAP_FOWNER use with fsuid check
Introduce is_owner_or_cap() macro in fs.h, and convert over relevant
users to it. This is done because we want to avoid bugs in the future
where we check for only effective fsuid of the current task against a
file's owning uid, without simultaneously checking for CAP_FOWNER as
well, thus violating its semantics.
[ XFS uses special macros and structures, and in general looked ...
untouchable, so we leave it alone -- but it has been looked over. ]

The (current->fsuid != inode->i_uid) check in generic_permission() and
exec_permission_lite() is left alone, because those operations are
covered by CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH. Similarly operations
falling under the purview of CAP_CHOWN and CAP_LEASE are also left alone.

Signed-off-by: Satyam Sharma <ssatyam@cse.iitk.ac.in>
Cc: Al Viro <viro@ftp.linux.org.uk>
Acked-by: Serge E. Hallyn <serge@hallyn.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-17 12:00:03 -07:00
..
keys [AF_RXRPC]: Key facility changes for AF_RXRPC 2007-04-26 15:46:23 -07:00
selinux Introduce is_owner_or_cap() to wrap CAP_FOWNER use with fsuid check 2007-07-17 12:00:03 -07:00
Kconfig [PATCH] LSM: remove BSD secure level security module 2006-09-29 09:18:10 -07:00
Makefile [PATCH] LSM: remove BSD secure level security module 2006-09-29 09:18:10 -07:00
capability.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
commoncap.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
dummy.c security: Protection for exploiting null dereference using mmap 2007-07-11 22:52:29 -04:00
inode.c remove "struct subsystem" as it is no longer needed 2007-05-02 18:57:59 -07:00
root_plug.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
security.c security: unexport mmap_min_addr 2007-07-11 22:52:33 -04:00